> I haven't fully explored all applications and possible tie-ins with
> jails, virtual stacks etc. but it looks very interesting.
>
> For example I want to have multiple routing tables within the same
> stack. These routing tables can be opaque or fall-through and match
> on the source and destination address (not at the same time though).
> This way we get ultimate routing flexibility in using FreeBSD as
> router. An incoming packet on interface em0 with group priority
> would first match into routing table X, and if no match fall-through
> to the default routing table. Or you could create a source matching
> routing table Y sending matching packets further to table Z for
> low priority routing.

What you are saying clearly reminds me of the way Linux does it.
Basically they have about 256 routing tables available, one of them
being the default one (254 IIRC). Once you have filled those you
want to use, you can assign a routing table to each packet with what
they simply call "rules". The routing criteria are classical, such as
"from", "to", "tos", "iif" (incoming interface)...
(See the manpage [1] for more information, the IPRoute2 framework is
quite powerful.)

One of the most powerful criteria it provides is "fwmark", which allows
matching against a mark stamped on the skbuff (their mbuf) by the
firewall. This leads to the ability to route packets based on the whole
capabilities of the firewall framework (NetFilter in this case):
TCP/UDP ports, ICMP types, and so on...

This might appear a little bit hackish to networking guys, especially
those who are working on backbone routers, but this flexibility is
almost nothing to add (pf already has the ability to tag packets, IIRC)
and it doesn't constrain the design at all, IMHO.

FYI, this has already been discussed in this subthread [2].

I have to say that I was quite impressed by Linux networking
capabilities (this was in the 2.4 days), and that's why I would really
like to see FreeBSD be able to do this.

> It's hard to describe this textually to its full extent. That's why
> my upcoming paper will have mostly graphics depicting the packet flow
> and the processing options.

I'm in haste to read your paper.

[1] http://www.manpage.org/cgi-bin/man/man2html?8+ip
[2] http://lists.freebsd.org/pipermail/freebsd-net/2005-June/007743.html

Regards,
-- 
Jeremie Le Hen
<jeremie at le-hen dot org> <ttz at chchile dot org>
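
The rule-then-table lookup described in this message, combined with the fall-through behaviour from the quoted text, as an added example that is not part of the original post or of any kernel's code: a simplified Python model in which rules are tried in priority order and a table with no matching route falls through to the next rule. Table numbers other than 254, the interface names, addresses and marks are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    priority: int                  # lower value is evaluated first
    table: int                     # routing table consulted on a match
    src: str = "0.0.0.0/0"         # "from" selector
    dst: str = "0.0.0.0/0"         # "to" selector
    iif: Optional[str] = None      # incoming interface, None = any
    fwmark: Optional[int] = None   # mark set by the firewall, None = any

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.iif in (None, pkt.get("iif"))
                and self.fwmark in (None, pkt.get("fwmark")))

def lookup(tables, table_id, dst):
    """Longest-prefix match inside one table; None means no route there."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, nexthop in tables.get(table_id, {}).items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, nexthop)
    return best[1] if best else None

def route(rules, tables, pkt):
    """Return (table, nexthop) from the first matching rule whose table has a route."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(pkt):
            nexthop = lookup(tables, rule.table, pkt["dst"])
            if nexthop is not None:
                return rule.table, nexthop
            # no route in this table: fall through to the next rule
    return None

# Constructed sample data (documentation address ranges as next hops).
TABLES = {
    100: {"10.20.0.0/16": "192.0.2.1"},                 # partial table, no default
    200: {"0.0.0.0/0": "198.51.100.1"},                 # path for marked traffic
    254: {"0.0.0.0/0": "203.0.113.1", "10.0.0.0/8": "203.0.113.2"},
}
RULES = [
    Rule(priority=100, table=100, iif="em0"),           # select by incoming interface
    Rule(priority=200, table=200, fwmark=1),            # select by firewall mark
    Rule(priority=32766, table=254),                    # catch-all
]
```

Because the mark is set by the firewall, any change to the marking rules changes which table a flow uses, so both rule sets need to be reviewed together.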