From owner-freebsd-net  Fri Jun 29  9:18:47 2001
Delivered-To: freebsd-net@freebsd.org
Received: from sneakerz.org (sneakerz.org [216.33.66.254])
	by hub.freebsd.org (Postfix) with ESMTP id 9DAD637B403
	for <freebsd-net@freebsd.org>; Fri, 29 Jun 2001 09:18:41 -0700 (PDT)
	(envelope-from bright@sneakerz.org)
Received: by sneakerz.org (Postfix, from userid 1092)
	id 1A8425D010; Fri, 29 Jun 2001 11:18:31 -0500 (CDT)
Date: Fri, 29 Jun 2001 11:18:31 -0500
From: Alfred Perlstein <bright@sneakerz.org>
To: Clark Gaylord <cgaylord@vt.edu>
Cc: freebsd-net@freebsd.org
Subject: Re: fastforwarding?
Message-ID: <20010629111830.F78038@sneakerz.org>
References: <GPEOJKGHAMKFIOMAGMDICEOJDGAA.deepak@ai.net> <20010626093545.D49992@sunbay.com> <3B3AB4F8.184A2EFE@softweyr.com> <20010629075815.N55750@e028121.vtacs.vt.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <20010629075815.N55750@e028121.vtacs.vt.edu>; from cgaylord@vt.edu on Fri, Jun 29, 2001 at 07:58:16AM -0400
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

* Clark Gaylord <cgaylord@vt.edu> [010629 06:59] wrote:
> On Wed, Jun 27, 2001 at 10:39:20PM -0600, Wes Peters wrote:
> > Ruslan Ermilov wrote:
> > > On Mon, Jun 25, 2001 at 06:47:41PM -0400, Deepak Jain wrote:
> > > > ...
> > > > What does the fastforwarding option do that the normal forwarding option
> > > > doesn't?
> > > >
> > > See inet(4).
> > 
> > The description there isn't very forthcoming.  fastforwarding caches
> > the results of a route lookup for destination addresses that are not
> > on the local machine, and uses the cached route to short-circuit the
> > normal (relatively slow) route lookup process.  The packet flows 
> > directly from one layer2 input routine directly to the opposing 
> > layer2 output routine without traversing the IP layer.
> 
> I notice the man page points out that this prevents the use of
> ipfilter, etc.  The first packet(s?) do get forwarded by the usual
> process (yes?), so does this imply that at least a "deny X" would
> still work (as the first packet would get denied and hence the
> cache does not get populated)?  What are the limitations to ipfw
> and friends working right in conjunction with fastforwarding?

I really doubt that your assumptions are true.

-- 
-Alfred Perlstein [alfred@freebsd.org]
Ok, who wrote this damn function called '??'?
And why do my programs keep crashing in it?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message