<div dir="ltr"><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">Hi,</font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif"><br></font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">here are the three options I mentioned in my previous email. actually I also did not check into the detail of the implementation.</font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif"><br></font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">Option1: Port the "full implementation" from FreeBSD. that means support FIB from socket to PCB and thread and all the way down to routing table. even a syscall is needed. </font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif"><br></font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">Option2: A "Cut Off" version of FIB, it means only create multiple routing tables, and find a way to mark the traffic by src/dst/socket/thread/whatever, </font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif"><br></font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">Option3: "I Quit", Lots of effort needed especially for option1. Instead I ask myself "why we need that?", the "fwd" in ipfw or "rdr-to" in PF can fulfil the most requirements already, So maybe just find a direction to enhance it.</font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif"><br></font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">The original developer(Julian Elischer)</font></i><i><font color="#9900ff" face="verdana, sans-serif"> is every kind and explained to me about the fib and pointed out 10 items in one email (it is very helpful :) ) I did not dive into the source level yet but I want to say that "FIB in FreeBSD is great and it can be implemented because that developer is a legendary person!", so I prefer to the option 2 or 3 for myself. because that 10 items probably will cause me 100 months effort and outcome with 1000 bugs :) </font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif"><br></font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">So i think it is better to try the simplest way to provide "multi routing" for </font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">1. jail</font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">2. socket/process/uid</font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">3. ?? any other idea</font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif"><br></font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">BTW, which option do yo prefer? </font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif"><br></font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">regards,</font></i></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif">bycn82</font></i></div><div class="gmail_default"><br></div><div class="gmail_default"><br></div><div class="gmail_default"><i><font color="#9900ff" face="verdana, sans-serif"> </font></i></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Dec 13, 2014 at 8:14 AM, Matthew Dillon <span dir="ltr"><<a href="mailto:dillon@backplane.com" target="_blank">dillon@backplane.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>I'm really not happy with the way FreeBSD implemented multiple routing tables and I don't really want to see those massive hacks brought into DragonFly. I don't know what the best solution is per-say. Probably better to hang a pointer directly off the kernel thread structure (sys/thread.h) and have a separate kernel domain topology rather than using jails.<br><br></div>-Matt<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Dec 11, 2014 at 11:11 PM, Matthias Rampke <span dir="ltr"><<a href="mailto:matthias.rampke@googlemail.com" target="_blank">matthias.rampke@googlemail.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Three scenarios come to mind:</p>
<p dir="ltr">1) different routing for (some) VMs or Jails from the host (host uses one internet connection, jail uses another)<br>
2) ditto, but for unjailed processes or users<br>
3) different routing for (certain) forwardings</p>
<p dir="ltr">I have implemented 3) without multiple routing tables, just using pf, in OpenBSD[0], but have not yet checked if this is possible with Dragonfly pf. I failed at 1) once due to the lack of multiple routing tables but did not know the pf way at the time.</p>
<p dir="ltr">/Matthias<br></p>
<p dir="ltr">[0] <a href="http://rampke.de/posts/ipv6-openvpn/" target="_blank">http://rampke.de/posts/ipv6-openvpn/</a></p><div><div>
<p dir="ltr"></p>
<p dir="ltr">On Fri, Dec 12, 2014, 02:33 bycn82 <<a href="mailto:bycn82@gmail.com" target="_blank">bycn82@gmail.com</a>> wrote:</p>
<blockquote><p dir="ltr"><i> In what kind of scenario you are going to use the "multiple routing table" (FIB in FreeBSD)? if you are familiar with it. </i></p>
</blockquote>
<p dir="ltr"><br>
</p>
</div></div></blockquote></div></div>
</div></div></blockquote></div></div>