From: Kip Macy
Reply-To: kmacy@freebsd.org
Date: Sat, 28 Jan 2012 19:13:41 +0100
To: freebsd-net@freebsd.org, weongyo@freebsd.org
Subject: Re: a question about flowtable
Message-ID: <4F243AD5.6070902@freebsd.org>
In-Reply-To: <20120128011235.GC24242@wgj.corp.aryaka.com>

On 01/28/2012 02:12 AM, Weongyo Jeong wrote:
> Hello Kip,
>
> I had looked flowtable code briefly and still not sure whether I
> understand it correctly. At this moment I have a question.
>
> Is it possible to apply flowtable techniques for forwarding packets? If
> I understand it right it looks it's impossible at current status because
> flowtable is only applied when ro == NULL at ip_output(). Is it
> intentional one?
>

You can pass in a struct route filled in by a flowtable lookup in
ip_output. I have made this change in a number of branches and I know at
least one firewall is seeing good results from doing this. The one thing
to be careful about is that the number of cached flows scales with the
number of IPs and not the number of prefixes.

Cheers,
Kip
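
The scaling caveat at the end of the message, modelled in user space as an added example (not code from the message or from FreeBSD): a per-destination flow cache is filled while forwarding to many hosts behind a single prefix, so cached state grows with addresses while the route table stays fixed. The struct layouts, the hash, the sample routes and the FLOW_LIMIT cap are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* User-space model; every name here is hypothetical, not FreeBSD's flowtable API. */
#define FLOW_BUCKETS 4096   /* power of two, so the hash below yields a 12-bit index */
#define FLOW_LIMIT   1024   /* assumed hard cap on cached flows */
struct prefix { uint32_t net, mask; int ifidx; };
struct flow   { uint32_t dst; int ifidx; int used; };
static const struct prefix routes[] = {   /* constructed table, longest prefix first */
    { 0xc0a80000u, 0xffff0000u, 2 },      /* 192.168.0.0/16 */
    { 0x0a000000u, 0xff000000u, 1 },      /* 10.0.0.0/8     */
};
#define NROUTES (sizeof(routes) / sizeof(routes[0]))
static struct flow cache[FLOW_BUCKETS];
static unsigned nflows, nhits, nslow;

static int route_lookup(uint32_t dst) {   /* slow path: per-prefix match, -1 if none */
    for (size_t i = 0; i < NROUTES; i++)
        if ((dst & routes[i].mask) == routes[i].net)
            return routes[i].ifidx;
    return -1;
}

static int forward(uint32_t dst) {        /* fast path: exact-match cache per address */
    uint32_t i = (dst * 2654435761u) >> 20;
    while (cache[i].used && cache[i].dst != dst)
        i = (i + 1) & (FLOW_BUCKETS - 1);
    if (cache[i].used) { nhits++; return cache[i].ifidx; }
    int ifidx = route_lookup(dst);
    nslow++;
    if (ifidx >= 0 && nflows < FLOW_LIMIT) {   /* at the cap, forward without caching */
        cache[i] = (struct flow){ dst, ifidx, 1 };
        nflows++;
    }
    return ifidx;
}

/* Make `rounds` passes over `ndst` distinct hosts in 10.0.0.0/8; return cached flows. */
static unsigned run(unsigned ndst, unsigned rounds) {
    memset(cache, 0, sizeof(cache));
    nflows = nhits = nslow = 0;
    for (unsigned n = 0; n < ndst * rounds; n++)
        forward(0x0a000000u + n % ndst);
    return nflows;
}

int main(void) {
    unsigned few = run(500, 2), many = run(5000, 2);
    printf("%zu routes; 500 hosts -> %u flows; 5000 hosts -> %u flows (cap)\n", NROUTES, few, many);
    return 0;
}
```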