cvs commit: src/sys/conf files options src/sys/contrib/ipfilter/netinet ip_fil.c ip_fil.h src/sys/i386/conf GENERIC LINT src/sys/netinet ip_input.c ip_output.c ip_var.h src/sys/netinet6 ip6_forward.c ip6_input.c ...

Max Laier max at
Thu Dec 4 06:04:25 PST 2003

>     Making PFIL_HOOKS default in the kernel leads to some perf. loss
>     in the general case which we don't want to happen.  One way of
>     solving this problem is to create extern pfil_hook_ pointers
>     which are tested for by the ip_input/ip_output code, and if the
>     pointers are not NULL, then they are called; similar to the way
>     it is done with the NetGraph code.
All the overhead required now comes from the required function call to 
pfil_run_hooks(), which would be eliminated if the compiler/linker 
allows inlining external objects. With your suggestion you will impose 
additional overhead (though testing a pointer isn't that expensive) to 
the pfil case. I do agree however, that there might be better ways to 
handle this. Loading pfil_hooks as a separate module isn't that good IMO.

>     This way, we can load the PFIL_HOOKS functionality as a module
>     and also have the packet filtering work.  I do not have any
>     patches for this at the moment, but this is the general idea
>     that was agreed upon, but no one got around to do it.
Can you point me at the discussion in current@, please? Must have missed 
it and can't find it atm :-\

>     Anyway, nice work.  We need the manual pages though. :-)
>     PS: Is this the most up-to-date (i.e. from OpenBSD) PFIL_HOOKS?
If that's unchanged from my patchset it's the NetBSD-Current implementation 
and the man page should come from there. I think OpenBSD did not merge 
the latest changes, but I didn't check.

Best regards,				| max at xxxxxxxxxxxxxx
Max Laier				| ICQ #67774661	| mlaier at EFnet #DragonFlyBSD
