On Tuesday 05 April 2005 23:08, David Howland wrote:

> So, it seems to me that there is perhaps some performance problem with
> IPFilter in the kernel?  I lack the know-how to perform any other tests
> to confirm this.  How is it that userland processes can be allowed to
> trip up the in-kernel packet forwarding?  All I have to do is start a
> big make (eg build.sh distribution) and response time goes to hell.  I
> am surprised to find that this kind of thing hasn't been reported by
> anyone else.

The obvious question: what happens if you disable ipfilter?
(Either through /etc/rc.d/ipfilter stop or by removing it from the kernel.)

-- 
Julio M. Merino Vidal <jmmv84@gmail.com>
http://www.livejournal.com/users/jmmv/
The NetBSD Project - http://www.NetBSD.org/