svn commit: r316435 - in head: sbin/ipfw sys/conf sys/modules sys/modules/ipfw_pmod sys/netpfil/ipfw/pmod
Bruce Simpson
bms at fastmail.net
Wed Apr 5 12:05:02 UTC 2017
On 03/04/17 15:12, Julian Elischer wrote:
> On 3/4/17 11:07 am, Andrey V. Elsukov wrote:
>> Author: ae
>> Date: Mon Apr 3 03:07:48 2017
>> New Revision: 316435
>> URL: https://svnweb.freebsd.org/changeset/base/316435
>
> it was always my intention to hook netgraph modules into ipfw in this way
In my humble opinion, in an ideal world, everything warrants a rethink -
in terms of "abstract forwarding elements". This is how a lot of the
newer integrated routing/switching hardware seems to behave; designs
like the FM6000, Juniper's Trio, and so on.
For now, we've got several bodies of firewall code available in the
FreeBSD base system. The MSS tweak is much appreciated; it makes DSL and
Cable access more usable for many.
But I appreciate the sentiment of taking what is - on the face of it - a
simple network protocol transformation at a FreeBSD hop, as something
which really, we'd ideally have a common way of expressing.
I struggle to keep track of all of this development, personally. It
would be great if we could take the best from all of them, incorporate
scalability for LRO and so on, and hybrid forwarding chips, or other
offload stack approach, in the same code base somehow.
It's worth a trip down to the 1.4Tbit/s Alien Superchannel to see what
I'm getting at. Multi-100GBE into 1U is a reality now.
More information about the svn-src-head
mailing list