IPFW In-Kernel NAT vs PF NAT Performance

Eugene Grosbein eugen at grosbein.net
Thu Mar 19 11:26:49 UTC 2020


19.03.2020 18:19, Lev Serebryakov wrote:

>> Don't you think that now as ipfw nat builds libalias in kernel context,
>> it could scale with maxusers (sys/systm.h) ?
>>
>> Something like (4001 + (maxusers-32)*8) so it grows with amount of physical memory
>> and is kept small for low-memory systems.
>  IMHO, "maxusers" is useless now. It must be sysctl, as size of dynamic
> state table of IPFW itself. I have low-memory system where WHOLE memory
> is dedicated to firewall/nat, for example. I need really huge tables
> (131101) to make it work "bad" and not "terrible".

Sure, dedicated sysctl. I mean, its default value should be auto-tuned based on maxusers
that grows with installed RAM by default.




