On Sat, Jul 25, 2009 at 10:54:55AM +0100, Stuart Henderson wrote:
> (moved from misc to tech)
>
> On 2009-07-07, Insan Praja SW <[email protected]> wrote:
> > After updating to i386 4.6-current, my multirouting tables are no longer
> > working. I wonder if this is because of the new rdomain thingy.. which is
> > cool.
> > So here it is.
> >
> > $ sudo route -T1 add default 202.149.83.213
> > route: writing to routing socket: Network is unreachable
> > add net default: gateway 202.149.83.213: Network is unreachable
> ..
> > vlan95: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>
> You don't have the interface set into an rdomain; if you do that (ifconfig
> vlan95 rdomain 1), you can add the route as above, but then I think you'll
> have problems when actually sending packets using rtable in pf; e.g.
>

Yes, that's fallout from rdomain (at the moment all gateways need to be
resolved via the same table). I want to fix this in the next days.

> ...
> nat on re1 from (sk0:network) to any -> (re1)
> pass in on sk0 to 192.168.46.49 rtable 1
> ...
>
> re1: trying to send packet on wrong domain. 1 vs. 0, AF 2
> (same with physical ifaces vs. vlans).
>

More or less the same problem here. But I think you will not see the error
with vlan interfaces. Vlans do not call ether_output but instead use directly
the start function of the physical interface. If this is not true please show
me what you do to hit this.

> The only way I found to do this is to move the interface sourcing the
> traffic into the same routing table, but since one common use of rtable
> is to split traffic up and e.g. route web traffic via one path, other
> traffic via another, from the same network, this isn't too useful.
>
> Seems like maybe something is missing from PF to handle this, I won't
> have chance to look further today but thought I'd post now so you know
> it's not just you as I didn't see any other comments on this.
>

Will be fixed with the rtable vs. rdomain problem. In the end both will be
equivalent and pf can jump between rdomains and rtables.

> While looking at this I noticed one other thing; setting rdomain
> removes IPv6 addresses, after which point it seems impossible to
> put the link-local address back even after returning rdomain to 0.
> (I can hear Claudio sighing already, sorry!)
>

SIGH. IPv6 is not handled at all. Until now I tried to stay away from this
piranha infested pond. Let me first fix the rdomain vs. rtable thing and then
I'll have a look at this.

-- 
:wq Claudio
