cvs commit: src/sys/conf files options src/sys/contrib/ipfilter/netinet ip_fil.c ip_fil.h src/sys/i386/conf GENERIC LINT src/sys/netinet ip_input.c ip_output.c ip_var.h src/sys/netinet6 ip6_forward.c ip6_input.c ...
max at love2party.net
Thu Dec 4 06:04:25 PST 2003
> Making PFIL_HOOKS default in the kernel leads to some perf. loss
> in the general case which we don't want to happen. One way of
> solving this problem is to create extern pfil_hook_ pointers
> which are tested for by the ip_input/ip_output code, and if the
> pointers are not NULL, then they are called; similar to the way
> it is done with the NetGraph code.
All the overhead required now comes from the required function call to
pfil_run_hooks(), which would be eliminated if the compiler/linker
allows inlining external objects. With your suggestion you will impose
additional overhead (though testing a pointer isn't that expensive) to
the pfil case. I do agree however, that there might be better ways to
handle this. Loading pfil_hooks as a seperate module isn't that good IMO.
> This way, we can load the PFIL_HOOKS functionality as a module
> and also have the packet filtering work. I do not have any
> patches for this at the moment, but this is the general idea
> that was agreed upon, but no one got around to do it.
Can you point me at the discussion in current@, please? Must have missed
it and can't find it atm :-\
> Anyway, nice work. We need the manual pages though. :-)
> PS: I this the most up-to-date (i.e. from OpenBSD) PFIL_HOOKS?
If that's unchanged from my patchset it's NetBSD-Current implementation
and the man page should come from there. I think OpenBSD did not merge
the latest changes, but I didn't check.
Best regards, | max at xxxxxxxxxxxxxx
Max Laier | ICQ #67774661
http://pf4freebsd.love2party.net/ | mlaier at EFnet #DragonFlyBSD
More information about the Commits