Subject: IPv4 fast routing versus IPSEC
To: None <firstname.lastname@example.org>
From: Erik E. Fair <email@example.com>
Date: 02/23/2003 14:46:59
I want to build a NetBSD-based router that can fast forward and
also supports IPSEC. Alas, in ip_input.c, I found this:
/* ipflow (IP fast forwarding) is not compatible with IPsec. */
m->m_flags &= ~M_CANFASTFWD;
* Assume that we can create a fast-forward IP flow entry
* based on this packet.
m->m_flags |= M_CANFASTFWD;
CVS log tell this tale:
| revision 1.94
| date: 1999/10/26 09:53:17; author: itojun; state: Exp; lines: +6 -1
| disable ipflow (IPv4 fast fowarding) when IPsec is configured into the kernel.
Why is this the case?