NAT without offloading capabilities


doing more than just packet forwarding? proxy, ipsec, ...?
packet forwarding is only a fraction of your total cost
doesn't make a difference

could cksum headers before & after pf, apply delta
not using offloading engines then, thus hurting the offloading case
offloading is very and becomes even more common
especially where performance matters
I'd rather optimize for that case