Multiple routing tables Or Policy routing for Dragonfly

bycn82 bycn82 at gmail.com
Sun Dec 21 01:56:22 PST 2014


*Any more suggestions?*

*Hi,*


*Regards,*
*Bill Yuan*

On 13 December 2014 at 09:15, bycn82 <bycn82 at gmail.com> wrote:

> *Hi,*
>
> *Here are the three options I mentioned in my previous email. Actually, I
> also did not check into the details of the implementation.*
>
> *Option1: Port the "full implementation" from FreeBSD. That means supporting
> FIB from socket to PCB and thread and all the way down to the routing table.
> Even a syscall is needed.*
>
> *Option2: A "Cut Off" version of FIB. It means only creating multiple
> routing tables, and finding a way to mark the traffic by
> src/dst/socket/thread/whatever.*
>
> *Option3: "I Quit". Lots of effort is needed, especially for option1. Instead
> I ask myself "why do we need that?" The "fwd" in ipfw or "rdr-to" in PF can
> fulfil most requirements already, so maybe just find a direction to
> enhance it.*
>
> *The original developer (Julian Elischer) is very kind and explained to
> me about the fib and pointed out 10 items in one email (it is very helpful
> :) ). I did not dive into the source level yet but I want to say that "FIB
> in FreeBSD is great and it can be implemented because that developer is a
> legendary person!", so I prefer option 2 or 3 for myself, because
> those 10 items probably will cost me 100 months of effort and result in
> 1000 bugs :)*
>
> *So I think it is better to try the simplest way to provide "multi
> routing" for*
> *1. jail*
> *2. socket/process/uid*
> *3. ?? any other idea*
>
> *BTW, which option do you prefer?*
>
> *regards,*
> *bycn82*
>
>
>
>
> On Sat, Dec 13, 2014 at 8:14 AM, Matthew Dillon <dillon at backplane.com>
> wrote:
>>
>> I'm really not happy with the way FreeBSD implemented multiple routing
>> tables and I don't really want to see those massive hacks brought into
>> DragonFly.  I don't know what the best solution is per se.  Probably
>> better to hang a pointer directly off the kernel thread structure
>> (sys/thread.h) and have a separate kernel domain topology rather than using
>> jails.
>>
>> -Matt
>>
>> On Thu, Dec 11, 2014 at 11:11 PM, Matthias Rampke <
>> matthias.rampke at googlemail.com> wrote:
>>>
>>> Three scenarios come to mind:
>>>
>>> 1) different routing for (some) VMs or Jails from the host (host uses
>>> one internet connection, jail uses another)
>>> 2) ditto, but for unjailed processes or users
>>> 3) different routing for (certain) forwardings
>>>
>>> I have implemented 3) without multiple routing tables, just using pf, in
>>> OpenBSD[0], but have not yet checked if this is possible with Dragonfly pf.
>>> I failed at 1) once due to the lack of multiple routing tables but did not
>>> know the pf way at the time.
>>>
>>> /Matthias
>>>
>>> [0] http://rampke.de/posts/ipv6-openvpn/
>>>
>>> On Fri, Dec 12, 2014, 02:33 bycn82 <bycn82 at gmail.com> wrote:
>>>
>>> *In what kind of scenario are you going to use the "multiple routing
>>> table" (FIB in FreeBSD), if you are familiar with it?*
>>>
>>>
>>>