Nicolai Petri wrote:
>
> Hi hackers,
>
> I've used some time writing a custom natd-like daemon which makes some
> special packet processing.
> One of the issues with the natd approach is the large amount of
> context-switches it gives.
> This can be a real performance problem on very loaded networks. Would it be
> possible to do this with netgraph instead? And what are the pros and cons
> of this approach?
>
> As a second step in development, how should protocol verification
> (ftp/smtp/whatever) be added to a netgraph firewall approach in a structured
> and dynamically extendable way?
Unfortunately, the netgraph code does not have a hook into the IP
code so at this time you cannot pass packets into the
IP protocol and have them then go to netgraph.
You could however put a filter onto the ethernet interface, but then you'd have
to take into account the 14 byte header too.
>
> Best regards,
> Nicolai Petri
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message
--
+------------------------------------+ ______ _ __
| __--_|\ Julian Elischer | \ U \/ / hard at work in
| / \ [EMAIL PROTECTED] +------>x USA \ a very strange
| ( OZ ) \___ ___ | country !
+- X_.---._/ presently in San Francisco \_/ \\
v
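
The 14-byte header point in the reply above, shown as an added example (not code from this thread or from netgraph): a filter attached at the Ethernet level has to locate and bounds-check the IP header itself before applying any IP-level rule. The function name `ipv4_offset_in_frame` is hypothetical, the sample frame is constructed, and untagged Ethernet II framing carrying IPv4 is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN    14      /* dst MAC (6) + src MAC (6) + EtherType (2) */
#define ETHERTYPE_IPV4 0x0800
#define IPV4_MIN_HDR   20

/* Constructed sample: untagged Ethernet II frame holding a bare IPv4 header
 * (192.0.2.1 -> 192.0.2.2, total length 20, checksum left at zero). */
uint8_t sample_frame[34] = {
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,   /* destination MAC */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x02,   /* source MAC */
    0x08, 0x00,                           /* EtherType: IPv4 */
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00,
    0x40, 0x06, 0x00, 0x00, 0xc0, 0x00, 0x02, 0x01,
    0xc0, 0x00, 0x02, 0x02
};

/* Hypothetical helper: return the offset of the IPv4 header inside the frame,
 * or -1 if the frame must not reach IP-level filtering logic
 * (too short, not IPv4, or an inconsistent IP header). */
int ipv4_offset_in_frame(const uint8_t *frame, size_t len)
{
    if (frame == NULL || len < ETH_HDR_LEN + IPV4_MIN_HDR)
        return -1;
    /* EtherType is big-endian at bytes 12..13 of the Ethernet header. */
    uint16_t ethertype = (uint16_t)((frame[12] << 8) | frame[13]);
    if (ethertype != ETHERTYPE_IPV4)
        return -1;                          /* ARP, IPv6, VLAN-tagged, ... */
    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* IP header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < IPV4_MIN_HDR || ETH_HDR_LEN + ihl > len)
        return -1;
    /* Total length must cover the header and fit inside the received frame. */
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    if (total < ihl || ETH_HDR_LEN + total > len)
        return -1;
    return ETH_HDR_LEN;
}

int main(void)
{
    printf("IPv4 header offset: %d\n",
           ipv4_offset_in_frame(sample_frame, sizeof sample_frame));
    return 0;
}
```

Frames that fail any check are rejected rather than parsed at a guessed offset, so a short or non-IP frame never reaches rules written for IP fields.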