From bf59255f44b237ad6eceab3318e2c8afbe16b39d Mon Sep 17 00:00:00 2001 From: Andre Oppermann Date: Sat, 23 Oct 2004 18:45:53 +0000 Subject: [PATCH] o Remove entire section talking about RTF_PRCLONING that got nuked in 5.2 already. o Better description of IP fastforwarding. It can do the full thing now including firewalling. o Reword the description of ICMP redirects. o Add references to route(4) and pfil(9). --- share/man/man4/inet.4 | 101 +++++++++++------------------------------- 1 file changed, 25 insertions(+), 76 deletions(-) diff --git a/share/man/man4/inet.4 b/share/man/man4/inet.4 index a8e9c876f2f7..93e2a1b01108 100644 --- a/share/man/man4/inet.4 +++ b/share/man/man4/inet.4 @@ -32,7 +32,7 @@ .\" From: @(#)inet.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd August 15, 2004 +.Dd October 23, 2004 .Dt INET 4 .Os .Sh NAME 
@@ -151,69 +151,6 @@ then subnets are in use. .It Dv SIOCGIFNETMASK Get interface network mask. .El -.Sh ROUTING -The current implementation of Internet protocols includes some routing-table -adaptations to provide enhanced caching of certain end-to-end -information necessary for Transaction TCP and Path MTU Discovery. -The -following changes are the most significant: -.Bl -enum -.It -All IP routes, except those with the -.Dv RTF_CLONING -flag and those to multicast destinations, have the -.Dv RTF_PRCLONING -flag forcibly enabled (they are thus said to be -.Dq "protocol cloning" ) . -.It -When the last reference to an IP route is dropped, the route is -examined to determine if it was created by cloning such a route. -If this is the case, the -.Dv RTF_PROTO3 -flag is turned on, and the expiration timer is initialized to go off -in net.inet.ip.rtexpire seconds. -If such a route is re-referenced, -the flag and expiration timer are reset. -.It -A kernel timeout runs once every ten minutes, or sooner if there are -soon-to-expire routes in the kernel routing table, and deletes the -expired routes. -.El -.Pp -A dynamic process is in place to modify the value of -net.inet.ip.rtexpire if the number of cached routes grows too large. -If after an expiration run there are still more than -net.inet.ip.rtmaxcache unreferenced routes remaining, the rtexpire -value is multiplied by 3/4, and any routes which have longer -expiration times have those times adjusted. -This process is damped somewhat by specification of a minimum rtexpire value -(net.inet.ip.rtminexpire), and by restricting the reduction to once in -a ten-minute period. -.Pp -If some external process deletes the original route from which a -protocol-cloned route was generated, the -.Dq child route -is deleted. -(This is actually a generic mechanism in the routing code support for -protocol-requested cloning.) 
-.Pp -No attempt is made to manage routes which were not created by protocol -cloning; these are assumed to be static, under the management of an -external routing process, or under the management of a link layer -(e.g., -.Tn ARP -for Ethernets). -.Pp -Only certain types of network activity will result in the cloning of a -route using this mechanism. -Specifically, those protocols (such as -.Tn TCP -and -.Tn UDP ) -which themselves cache a long-lasting reference to route for a destination -will trigger the mechanism; whereas raw -.Tn IP -packets, whether locally-generated or forwarded, will not. .Ss MIB Variables A number of variables are implemented in the net.inet branch of the .Xr sysctl 3 
@@ -228,22 +165,32 @@ Boolean: enable/disable forwarding of IP packets. Defaults to off. .It Dv IPCTL_FASTFORWARDING .Pq ip.fastforwarding -Boolean: enable/disable the use of fast IP forwarding code. +Boolean: enable/disable the use of +.Tn fast IP forwarding +code. Defaults to off. -When fast forwarding is enabled, IP packets are forwarded directly to -the appropriate network interface with a minimal validity checking, which -greatly improves the throughput. -On the other hand, they bypass the -standard procedures, such as IP option processing and -.Xr ipfirewall 4 -checking. -It is not guaranteed that every packet will be fast-forwarded. +When +.Tn fast IP forwarding +is enabled, IP packets are forwarded directly to the appropriate network +interface with direct processing to completion, which greatly improves +the throughput. +All packets for local IP addresses, non-unicast, or with IP options are +handled by the normal IP input processing path. +All features of the normal (slow) IP forwarding path are supported +including firewall (through +.Xr pfil 9 +hooks) checking, except +.Xr IPSEC 4 +tunnel brokering. +The +.Tn IP fastforwarding +path does not generate ICMP redirect or source quench messages. .It Dv IPCTL_SENDREDIRECTS .Pq ip.redirect Boolean: enable/disable sending of ICMP redirects in response to -unforwardable .Tn IP -packets. +packets for which a better, and for the sender directly reachable, route +and next hop is known. Defaults to on. .It Dv IPCTL_DEFTTL .Pq ip.ttl @@ -310,9 +257,11 @@ IPv6 flow IDs and fragment IDs are always random. .Xr intro 4 , .Xr ip 4 , .Xr ipfirewall 4 , +.Xr route 4 , .Xr tcp 4 , .Xr ttcp 4 , -.Xr udp 4 +.Xr udp 4, +.Xr pfil 9 .Rs .%T "An Introductory 4.3 BSD Interprocess Communication Tutorial" .%B PS1
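Review bot: in the hunk at -151,69 that drops the ROUTING section, the removed paragraphs were the only place in this diff that explained net.inet.ip.rtexpire, net.inet.ip.rtminexpire and net.inet.ip.rtmaxcache. If the MIB Variables list that follows still has entries for those sysctls, they now point at a mechanism the page no longer describes. Please update or remove those entries in the same commit, or note in the log that they are intentionally kept.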
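Review bot: in the ip.fastforwarding entry (hunk at -228,22), "except .Xr IPSEC 4 tunnel brokering" does not say what happens to a packet that needs IPsec handling. The new text says packets for local addresses, non-unicast packets and packets with IP options go to the normal input path, but gives no such statement for IPsec, so a reader cannot tell whether those packets fall back to the slow path or are forwarded without it. The old text warned that checks were bypassed and administrators read this entry to decide whether the knob is safe to enable, so please state the behaviour explicitly. Two smaller points in the same hunk: .Tn is applied to a whole phrase and with two spellings (".Tn fast IP forwarding" and ".Tn IP fastforwarding"), so pick one term, and use the lowercase page name in the .Xr for ipsec; and in the ip.redirect entry, "route and next hop is known" should read "are known".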
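Review bot: in the SEE ALSO hunk (-310,9), the changed line ".Xr udp 4," attaches the comma to the section number, unlike the neighbouring entries such as ".Xr tcp 4 ,". mdoc treats punctuation as a separate argument only when it is delimited by a space, so this should be ".Xr udp 4 ," to render the same way as the other entries.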