On Mon, Feb 24, 2003 at 08:58:27PM -0500, Thor Lancelot Simon wrote:

 > Hm.  There's no advantage to using the ipflow cache to make forwarding
 > decisions about packets that will require IPsec processing (or that have
 > been IPsec-processed)?

The way the ipflow code works is that if there is an ipflow entry, the
packet is fast-forwarded, period.  Otherwise, it goes through the normal
ip_input path.  Thus, if you need to do IPsec processing, you should not
create an ipflow entry :-)

-- 
        -- Jason R. Thorpe <thorpej@wasabisystems.com>