From owner-freebsd-current  Tue May 19 11:01:55 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA07526
          for freebsd-current-outgoing; Tue, 19 May 1998 11:01:55 -0700 (PDT)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id LAA07508;
          Tue, 19 May 1998 11:01:43 -0700 (PDT)
          (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id SAA09928; Tue, 19 May 1998 18:18:22 +0200
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Message-Id: <199805191618.SAA09928@labinfo.iet.unipi.it>
Subject: Re: cvs commit: src/sys/conf files src/sys/net if_ethersubr.c if_fddisubr.c if_ppp.c src/sys/netinet ip_flow.c in.h in_var.h ip_OR
To: eivind@yes.no (Eivind Eklund)
Date: Tue, 19 May 1998 18:18:22 +0200 (MET DST)
Cc: dg@FreeBSD.ORG, current@FreeBSD.ORG
In-Reply-To: <19980519163734.18175@follo.net> from "Eivind Eklund" at May 19, 98 04:37:15 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> >   Log:
> >   Added fast IP forwarding code by Matt Thomas <matt@3am-software.com> via
> >   NetBSD, ported to FreeBSD by Pierre Beyssac <pb@fasterix.freenix.org> and
> >   minorly tweaked by me.
> >   This is a standard part of FreeBSD, but must be enabled with:
> >   "sysctl -w net.inet.ip.fastforwarding=1" ...and of course forwarding must
> 
> Why is this?  What are the downsides - just that it is temporary code?

not just that. It completely bypasses the ipfw code.
It is also missing some checks on forwarded packets (e.g. IP header
checksum is not tested, although i don't know if it is mandatory, and
in any case this is easier to fix).

It contains lots of nice ideas though. I was wondering if we could put
at least some into the standard path as well.

E.g. when forwarding a packet, there is a call to ip_output() with the
IP_FORWARDING flag set. We could easily use this info to skip some
checks and work in ip_output (e.g. avoid recomputing the checksum).

Also flow through the firewall code can be optimized since the packet
has been already classified.

	cheers
	luigi
-----------------------------+--------------------------------------
Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it    |  Universita' di Pisa
tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
_____________________________|______________________________________

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message