On Mon, Oct 23, 2023 at 06:08:37PM +0200, tetrosalame wrote:
> Hello misc,
> 
> I'm playing with rdomain/rtable on OpenBSD 7.4 and I'm a bit confused about
> the relation between rdomains and rtables.
> 
> If I got rdomain(4) right, the two facilities are designed so that a rdomain
> can hold 0-255 rtables. Even rdomain 0 (no rdomain configured) can hold
> several rtables. IP addresses can overlap if configured in different
> rdomains.

No, this is not right. rtables are part of rdomains. So rdomain 0 has
rtable 0. rdomain 1 uses rtable 1. rdomain 2 uses rtable 2 and so on.

Now it is possible to assign an extra rtable to an rdomain but as you
found out there is no tool right now to allow this for any rdomain != 0.

Doing this properly would probably require some new route(4) messages so
that userland daemons can act on this as well. I never really needed this
flexibility so I never implemented it.
 
> In my mind the design is somehow "hierarchical"
> 
> rdomain 0
> |--> rtable 0
> |--> rtable 1
> |...
> |--> rtable 255
> 
> rdomain 1
> |--> rtable 0
> |--> rtable 1
> |...
> |--> rtable 255
> 
> but in practice, since there's no utility to add more rtables beyond the
> default one per rdomain, in the current implementation OS tools (pf, route,
> ifconfig, daemons etc...) take advantage of these facilities in a "flat"
> way:
> 
> rdomain 0
> |--> rtable 0
> 
> rdomain 1
> |--> rtable 0

This is a wrong view. The system has 255 rtables. You can make an rtable
an rdomain when the rtable is using itself to look up link local addresses.

So the visualisation is the other way around:

rtable 0 => rdomain 0
rtable 1 => rdomain 1
rtable 2 => rdomain 2
...
rtable 42 => rdomain 0
...

In this case the tables 0, 1, 2 are rdomains while table 42 is just an
alternate routing table for rdomain 0.

> 
> and so on, where rtables are numbered after their containing rdomain.
> Documentation refers to rdomains when it's appropriate to think about a
> logical segment of the routing space, while it refers to rtables when the
> concept is "do something with routing table number XXX".
> 
> So while in theory one should think about rdomains first and then about the
> rtables that belong to each of them, in current usage they're the same
> thing: $tool -T $number and don't bother.
> 
> But...I read the slides presented by Peter Hessler (thank you) at EuroBSD
> 2012 and everything was clear...well, until I came to slide 16 and pf
> ruleset "pass in on rdomain 2 rtable 4" (1). I'm puzzled: how can I "create"
> rtable 4 inside rdomain 2?

That rule matches packets on rdomain 2 and uses rtable 4 (which can be an
rdomain) to forward the packets.
 
> Thanks and I apologize for my lack of brevity.
> 
> f.
> 
> 1:
> https://www.openbsd.org/papers/eurobsd2012/phessler-rdomains/mgp00016.html
> 

-- 
:wq Claudio
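The commands that realise the picture above (rtable N as an rdomain when an interface is moved into it, an extra table in rdomain 0 created by the first route added with `route -T`, and the pf rule from the slides), as an added example that is not part of the thread. Interface names, table numbers and addresses are constructed placeholders; the script assumes OpenBSD's ifconfig(8), route(8) and pf.conf(5) syntax and needs root to apply, so DRYRUN=1 prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the thread): OpenBSD commands that realise the
# rtable/rdomain model. Interface names, table numbers and addresses are
# constructed placeholders. Set DRYRUN=1 to print commands instead of
# executing them (the real commands need root on OpenBSD).

# Run a command, or print it when DRYRUN=1.
run() {
    if [ "${DRYRUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# rtable N => rdomain N: moving an interface into rdomain N creates the
# rdomain, and with it rtable N, if it does not exist yet.
make_rdomain() {  # make_rdomain <iface> <N>
    run ifconfig "$1" rdomain "$2"
}

# rtable N => rdomain 0: adding a route to a table that does not exist
# yet creates it as an alternate routing table of rdomain 0.
make_alt_rtable() {  # make_alt_rtable <N> <default-gateway>
    run route -T "$1" add default "$2"
}

# List the routes of table N (works for both kinds of table).
show_rtable() {  # show_rtable <N>
    run route -T "$1" show
}

# Run a command inside the rdomain that owns table N.
exec_in_rtable() {  # exec_in_rtable <N> <cmd...>
    n=$1; shift
    run route -T "$n" exec "$@"
}

# pf rule: match traffic arriving in rdomain D and forward it using
# rtable T (the "pass in on rdomain 2 rtable 4" rule from the slides).
pf_forward_rule() {  # pf_forward_rule <D> <T>
    printf 'pass in on rdomain %s rtable %s\n' "$1" "$2"
}

# Demo walk-through; only runs when RDOMAIN_DEMO=1 is set.
if [ "${RDOMAIN_DEMO:-0}" = 1 ]; then
    make_rdomain em1 1                 # rtable 1 is rdomain 1
    make_rdomain em2 2                 # rtable 2 is rdomain 2
    make_alt_rtable 42 192.0.2.1       # rtable 42 belongs to rdomain 0
    show_rtable 42
    exec_in_rtable 1 ping -c 1 10.0.1.1
    pf_forward_rule 2 4                # rtable 4 may itself be an rdomain
fi
```

Run with `DRYRUN=1 RDOMAIN_DEMO=1 sh rdomain-demo.sh` to see the command sequence without touching the system; without DRYRUN the same functions apply it. Note that there is no command to attach an extra table to an rdomain other than 0, which is exactly the limitation discussed above.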
