Hi,
I have am setting up a router that needs to handle a lot of
traffic. I am using a Dell 2950 that I have added Intel Gig cards into
(em). This server will be running quagga (for BGP) and also use a
couple of IPFW FWD rules to forward packets to another host.
In order to get the forwarding speed I need I have turned on the
sysctl variable net.inet.ip.fastforwarding=1 What is the
ramifications of this? Will it still work with routing software like
quagga or allow IPFW to still forward packets?
Re: What does the net.inet.ip.fastforwarding sysctl do? ... I am using a Dell 2950 that I have added Intel Gig cards into ... This server will be running quagga and also use a ... couple of IPFW FWD rules to forward packets to another host. ... (freebsd-net)
Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility) ... For simple using, however, you don't need to bother all that details - just remember magic number and where to place it, and it is now simple for use with ipfw tags.... Currently the only analyzing node in FreeBSD src tree is ng_bpf, but it merely splits incoming packets in two streams, matched and not. ... There are reasons to this, as netgraph needs to be modular, and each node does a small thing, but does it well. ... For long time ng_bpf was used for another purposes in the kernel, and now, as new ipfw features appeared, ng_tag came up for easy integration. ... (freebsd-current)
Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility) ... For simple using, however, you don't need to bother all that details - just remember magic number and where to place it, and it is now simple for use with ipfw tags.... Currently the only analyzing node in FreeBSD src tree is ng_bpf, but it merely splits incoming packets in two streams, matched and not. ... There are reasons to this, as netgraph needs to be modular, and each node does a small thing, but does it well. ... For long time ng_bpf was used for another purposes in the kernel, and now, as new ipfw features appeared, ng_tag came up for easy integration. ... (freebsd-isp)
Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility) ... For simple using, however, you don't need to bother all that details - just remember magic number and where to place it, and it is now simple for use with ipfw tags.... Currently the only analyzing node in FreeBSD src tree is ng_bpf, but it merely splits incoming packets in two streams, matched and not. ... There are reasons to this, as netgraph needs to be modular, and each node does a small thing, but does it well. ... For long time ng_bpf was used for another purposes in the kernel, and now, as new ipfw features appeared, ng_tag came up for easy integration. ... (freebsd-net)
FreeBSD Security Advisory: FreeBSD-SA-01:08.ipfw [REVISED] ... included in FreeBSD 4.0 and above. ... based on an old version of ipfw and does not contain as many features. ... Due to overloading of the TCP reserved flags field,... incorrectly treat all TCP packets with the ECE flag set as being part ... (FreeBSD-Security)
