Avoiding natd overhead

Brett Glass brett at lariat.net
Sat Oct 21 21:54:23 UTC 2006


At 03:58 AM 10/21/2006, Matthew D. Fuller wrote:
 
>Paolo Pisati's 2005 SoC work on integrating libalias into ipfw might
>fit here.  It should move the NAT'ing into the kernel and save all the
>context switches and copies, and (what has me more interested) make it
>much easier to change port forwarding and other rules.  

That would be excellent. NAT really belongs in the kernel, with a 
userland control and monitoring utility similar to the ones that manage 
kernel PPP in many UNIX-like OSes.

>The worst
>thing about natd for me isn't performance, it's that I have to blow
>away all the state to change anything.

Agreed. Also, more than once I've locked myself out of a machine when
trying to restart NAT with a different configuration; it would be
nice to be able to change just the parameters I needed to change. 
I'd love to be able to look at the translations that are generated on
the fly in the same way that one can look at other dynamic rules. 
This is especially true for some of the more arcane forms of NAT
(e.g. PPTP passthrough, in which PPTP session numbers are mapped 
to avoid collisions) which can be hard to debug when something goes
wrong.

--Brett


