Firewall Wizards mailing list archives
Re: Firewall performance
From: Darren Reed <darrenr () reed wattle id au>
Date: Tue, 29 Jun 1999 16:42:47 +1000 (EST)
In some email I received from David C Niemi, sie wrote:
> By the way, 3 copies for routing an IP packet under Linux is way off, not even Linux 1.0 did that many ;^) 2.2 will typically do a DMA in and a DMA out and appropriate futzing of headers; and there is a special case to do direct NIC-to-NIC transfers with certain hardware to cut out one of those DMAs (if I understand NET_FASTROUTE option correctly).
So how do you firewall packets which go from one NIC to the other, directly? Such features, whilst nice for some applications, are perhaps best left alone when it comes to firewalling lest something sneak through unbeknownst to you.

Darren