From: Dimitris Michailidis <[EMAIL PROTECTED]> Date: Fri, 12 Aug 2005 10:22:47 -0700
> This is true. There is nothing fundamentally preventing both passive > and active opens to check netfilter before OKing a connection. Once a > connection is established, it's rather impractical to run each of its > packets through netfilter, this is 10G after all. You'd probably not > lose much functionality that you could have otherwise used at these > speeds. People don't use netfilter just for state tracking and "filtering", they also use it to some extent for rate limiting, packet logging, and similar things. And as busses and cpus get faster, your "this is 10G after all" argument becomes null and void. Note that this TOE mess also makes the packet scheduler, queueing disciplines, and packet classifiers totally unusable as well. Essentially, half of the Linux networking stack's features are turned uncontrollably _OFF_ in the presence of TOE. It is this, along with many other reasons, why the Linux networking community, in general, are so against TOE. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
