Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 Mar 2005 20:47:38 +0200
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        "J.D. Bronson" <jbronson@wixb.com>
Cc:        Chris Hodgins <chodgins@cis.strath.ac.uk>
Subject:   Re: [repost] ip.forwarding with pf
Message-ID:  <20050303184737.GA53253@orion.daedalusnetworks.priv>
In-Reply-To: <6.2.0.14.2.20050303122709.00b4fe10@localhost>
References:  <6.2.0.14.2.20050303061448.00a34520@localhost> <9e46c99e05030307153a916d11@mail.gmail.com> <20050303171413.GB38641@orion.daedalusnetworks.priv> <422753BD.1020508@cis.strath.ac.uk> <6.2.0.14.2.20050303122709.00b4fe10@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2005-03-03 12:28, "J.D. Bronson" <jbronson@wixb.com> wrote:
>At 12:13 PM 03/03/2005, Chris Hodgins wrote:
>>Hmm I found this:
>>http://mailman.twdx.net/pipermail/occaid/2003-October/000250.html
>>
>>Google for "freebsd net.inet.ip.fastforwarding".
>
> Hey guys...all of this seems really cool....but is it appropriate for one
> to use 'fast forwarding' when using pf/nat ?
>
> It -seems- to me that if one wants to use pf and/or nat that 'fast
> forwarding is not applicable nor desired.
>
> OTOH, if it IS desirable, I certainly want to use it.

Yes and no.

When fast forwarding is enabled, the network packets are processed
synchronously, as they arrive, at the link layer (i.e. Ethernet driver).
This lets the ethernet driver process the packets as close as possible
to the original interrupt that pulls them off the driver's input queue,
which is arguably faster than waiting for an asynchronous netisr
(network interrupt service) routine to grab them later.

This is faster for some operations, but it also breaks others.

For instance, I think IPSEC doesn't work with fast forwarding.

IP option processing is not done in the fast forwarding code.

Multicast or broadcast don't work either.

So, there are tradeoffs for the increased speed in packet processing.
But they are not related to PF or NAT.  At least, not directly.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050303184737.GA53253>