Bug 211380 - [handbook] Add rule to avoid packets that natd divert doesn't need to see
Summary: [handbook] Add rule to avoid packets that natd divert doesn't need to see
Status: New
Alias: None
Product: Documentation
Classification: Unclassified
Component: Documentation
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-doc mailing list
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2016-07-26 11:55 UTC by Alan Hicks
Modified: 2016-08-02 21:05 UTC (History)
0 users

See Also:


Attachments
Patch to add firewall rule to example (1.17 KB, text/plain)
2016-07-26 11:55 UTC, Alan Hicks
igor -R test (1.52 KB, text/plain)
2016-07-26 11:57 UTC, Alan Hicks

Description Alan Hicks 2016-07-26 11:55:16 UTC
Created attachment 172993
Patch to add firewall rule to example

natd can have higher utilisation when it sees unnecessary packets.

Adding a rule to send out packets that natd doesn't need to see reduces CPU cycles.

For background see
https://lists.freebsd.org/pipermail/freebsd-ipfw/2013-February/005306.html

My testing and implementation reduced ~50% wcpu to < 1%
Comment 1 Alan Hicks 2016-07-26 11:57:33 UTC
Created attachment 172994
igor -R test