Subject: IPv4 fast routing versus IPSEC
To: None <>
From: Erik E. Fair <>
List: tech-net
Date: 02/23/2003 14:46:59
I want to build a NetBSD-based router that can fast forward and
also supports IPSEC. Alas, in ip_input.c, I found this:

#ifdef IPSEC
	/* ipflow (IP fast forwarding) is not compatible with IPsec. */
	m->m_flags &= ~M_CANFASTFWD;
	 * Assume that we can create a fast-forward IP flow entry
	 * based on this packet.
	m->m_flags |= M_CANFASTFWD;

CVS log tell this tale:

| ----------------------------
| revision 1.94
| date: 1999/10/26 09:53:17;  author: itojun;  state: Exp;  lines: +6 -1
| disable ipflow (IPv4 fast fowarding) when IPsec is configured into the kernel.

Why is this the case?

	Erik <>