o Remove entire section talking about RTF_PRCLONING that got nuked in 5.2
  already.
o Better description of IP fastforwarding. It can do the full thing now including firewalling.
o Reword the description of ICMP redirects.
o Add references to route(4) and pfil(9).
parent
27f15752ff
commit
bf59255f44
@ -32,7 +32,7 @@
|
||||
.\" From: @(#)inet.4 8.1 (Berkeley) 6/5/93
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd August 15, 2004
|
||||
.Dd October 23, 2004
|
||||
.Dt INET 4
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -151,69 +151,6 @@ then subnets are in use.
|
||||
.It Dv SIOCGIFNETMASK
|
||||
Get interface network mask.
|
||||
.El
|
||||
.Sh ROUTING
|
||||
The current implementation of Internet protocols includes some routing-table
|
||||
adaptations to provide enhanced caching of certain end-to-end
|
||||
information necessary for Transaction TCP and Path MTU Discovery.
|
||||
The
|
||||
following changes are the most significant:
|
||||
.Bl -enum
|
||||
.It
|
||||
All IP routes, except those with the
|
||||
.Dv RTF_CLONING
|
||||
flag and those to multicast destinations, have the
|
||||
.Dv RTF_PRCLONING
|
||||
flag forcibly enabled (they are thus said to be
|
||||
.Dq "protocol cloning" ) .
|
||||
.It
|
||||
When the last reference to an IP route is dropped, the route is
|
||||
examined to determine if it was created by cloning such a route.
|
||||
If this is the case, the
|
||||
.Dv RTF_PROTO3
|
||||
flag is turned on, and the expiration timer is initialized to go off
|
||||
in net.inet.ip.rtexpire seconds.
|
||||
If such a route is re-referenced,
|
||||
the flag and expiration timer are reset.
|
||||
.It
|
||||
A kernel timeout runs once every ten minutes, or sooner if there are
|
||||
soon-to-expire routes in the kernel routing table, and deletes the
|
||||
expired routes.
|
||||
.El
|
||||
.Pp
|
||||
A dynamic process is in place to modify the value of
|
||||
net.inet.ip.rtexpire if the number of cached routes grows too large.
|
||||
If after an expiration run there are still more than
|
||||
net.inet.ip.rtmaxcache unreferenced routes remaining, the rtexpire
|
||||
value is multiplied by 3/4, and any routes which have longer
|
||||
expiration times have those times adjusted.
|
||||
This process is damped somewhat by specification of a minimum rtexpire value
|
||||
(net.inet.ip.rtminexpire), and by restricting the reduction to once in
|
||||
a ten-minute period.
|
||||
.Pp
|
||||
If some external process deletes the original route from which a
|
||||
protocol-cloned route was generated, the
|
||||
.Dq child route
|
||||
is deleted.
|
||||
(This is actually a generic mechanism in the routing code support for
|
||||
protocol-requested cloning.)
|
||||
.Pp
|
||||
No attempt is made to manage routes which were not created by protocol
|
||||
cloning; these are assumed to be static, under the management of an
|
||||
external routing process, or under the management of a link layer
|
||||
(e.g.,
|
||||
.Tn ARP
|
||||
for Ethernets).
|
||||
.Pp
|
||||
Only certain types of network activity will result in the cloning of a
|
||||
route using this mechanism.
|
||||
Specifically, those protocols (such as
|
||||
.Tn TCP
|
||||
and
|
||||
.Tn UDP )
|
||||
which themselves cache a long-lasting reference to route for a destination
|
||||
will trigger the mechanism; whereas raw
|
||||
.Tn IP
|
||||
packets, whether locally-generated or forwarded, will not.
|
||||
.Ss MIB Variables
|
||||
A number of variables are implemented in the net.inet branch of the
|
||||
.Xr sysctl 3
|
||||
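Review bot: Check the MIB Variables list for leftover entries for net.inet.ip.rtexpire, net.inet.ip.rtminexpire and net.inet.ip.rtmaxcache. The ROUTING text deleted in this hunk is what explained how those values drive expiry of protocol-cloned routes, so any entry that remains would describe a mechanism the page no longer documents. Either remove those entries in the same commit or reword them so they stand on their own.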
@ -228,22 +165,32 @@ Boolean: enable/disable forwarding of IP packets.
|
||||
Defaults to off.
|
||||
.It Dv IPCTL_FASTFORWARDING
|
||||
.Pq ip.fastforwarding
|
||||
Boolean: enable/disable the use of fast IP forwarding code.
|
||||
Boolean: enable/disable the use of
|
||||
.Tn fast IP forwarding
|
||||
code.
|
||||
Defaults to off.
|
||||
When fast forwarding is enabled, IP packets are forwarded directly to
|
||||
the appropriate network interface with a minimal validity checking, which
|
||||
greatly improves the throughput.
|
||||
On the other hand, they bypass the
|
||||
standard procedures, such as IP option processing and
|
||||
.Xr ipfirewall 4
|
||||
checking.
|
||||
It is not guaranteed that every packet will be fast-forwarded.
|
||||
When
|
||||
.Tn fast IP forwarding
|
||||
is enabled, IP packets are forwarded directly to the appropriate network
|
||||
interface with direct processing to completion, which greatly improves
|
||||
the throughput.
|
||||
All packets for local IP addresses, non-unicast, or with IP options are
|
||||
handled by the normal IP input processing path.
|
||||
All features of the normal (slow) IP forwarding path are supported
|
||||
including firewall (through
|
||||
.Xr pfil 9
|
||||
hooks) checking, except
|
||||
.Xr IPSEC 4
|
||||
tunnel brokering.
|
||||
The
|
||||
.Tn IP fastforwarding
|
||||
path does not generate ICMP redirect or source quench messages.
|
||||
.It Dv IPCTL_SENDREDIRECTS
|
||||
.Pq ip.redirect
|
||||
Boolean: enable/disable sending of ICMP redirects in response to
|
||||
unforwardable
|
||||
.Tn IP
|
||||
packets.
|
||||
packets for which a better, and for the sender directly reachable, route
|
||||
and next hop is known.
|
||||
Defaults to on.
|
||||
.It Dv IPCTL_DEFTTL
|
||||
.Pq ip.ttl
|
||||
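Review bot: The wording "except IPSEC tunnel brokering" in the new ip.fastforwarding text does not say what happens to a packet that needs IPsec processing: whether it is handed to the normal input path, as the text says for packets with IP options, or forwarded without that processing. The text being replaced warned that ipfirewall checking was bypassed, so an administrator enabling this on a gateway needs the remaining exception spelled out just as clearly. Smaller points in the same hunk: the feature is named both "fast IP forwarding" and "IP fastforwarding" under .Tn, ".Xr IPSEC 4" is upper-case where the other cross-references are lower-case, and in the ip.redirect entry "route and next hop is known" should read "are known".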
@ -310,9 +257,11 @@ IPv6 flow IDs and fragment IDs are always random.
|
||||
.Xr intro 4 ,
|
||||
.Xr ip 4 ,
|
||||
.Xr ipfirewall 4 ,
|
||||
.Xr route 4 ,
|
||||
.Xr tcp 4 ,
|
||||
.Xr ttcp 4 ,
|
||||
.Xr udp 4
|
||||
.Xr udp 4,
|
||||
.Xr pfil 9
|
||||
.Rs
|
||||
.%T "An Introductory 4.3 BSD Interprocess Communication Tutorial"
|
||||
.%B PS1
|
||||
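Review bot: The added SEE ALSO line ".Xr udp 4," attaches the comma to the section argument, while every other entry passes it as a separate argument (".Xr tcp 4 ,"), which is the form mdoc needs to treat it as trailing punctuation. Change it to ".Xr udp 4 ," so the entry renders like its neighbours.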