Hi,

Here are the three options I mentioned in my previous email. Actually, I also did not check into the details of the implementation.

Option 1: Port the "full implementation" from FreeBSD. That means supporting FIB from socket to PCB and thread, all the way down to the routing table. Even a syscall is needed.

Option 2: A "cut off" version of FIB. It means only creating multiple routing tables and finding a way to mark the traffic by src/dst/socket/thread/whatever.

Option 3: "I quit". Lots of effort is needed, especially for option 1. Instead I ask myself "why do we need that?" The "fwd" in ipfw or "rdr-to" in PF can already fulfil most of the requirements, so maybe just find a direction to enhance it.

The original developer (Julian Elischer) is very kind and explained the FIB to me and pointed out 10 items in one email (it is very helpful :) ). I did not dive into the source level yet, but I want to say that "FIB in FreeBSD is great and it can be implemented because that developer is a legendary person!", so I prefer option 2 or 3 for myself, because those 10 items will probably cause me 100 months of effort and an outcome with 1000 bugs :)

So I think it is better to try the simplest way to provide "multi routing" for

1. jail
2. socket/process/uid
3. ?? any other idea

BTW, which option do you prefer?

regards,
bycn82

On Sat, Dec 13, 2014 at 8:14 AM, Matthew Dillon <[email protected]> wrote:
>
> I'm really not happy with the way FreeBSD implemented multiple routing
> tables and I don't really want to see those massive hacks brought into
> DragonFly. I don't know what the best solution is per se. Probably
> better to hang a pointer directly off the kernel thread structure
> (sys/thread.h) and have a separate kernel domain topology rather than using
> jails.
>
> -Matt
>
> On Thu, Dec 11, 2014 at 11:11 PM, Matthias Rampke <
> [email protected]> wrote:
>>
>> Three scenarios come to mind:
>>
>> 1) different routing for (some) VMs or Jails from the host (host uses one
>> internet connection, jail uses another)
>> 2) ditto, but for unjailed processes or users
>> 3) different routing for (certain) forwardings
>>
>> I have implemented 3) without multiple routing tables, just using pf, in
>> OpenBSD[0], but have not yet checked if this is possible with Dragonfly pf.
>> I failed at 1) once due to the lack of multiple routing tables but did not
>> know the pf way at the time.
>>
>> /Matthias
>>
>> [0] http://rampke.de/posts/ipv6-openvpn/
>>
>> On Fri, Dec 12, 2014, 02:33 bycn82 <[email protected]> wrote:
>>
>> In what kind of scenario are you going to use the "multiple routing
>> table" (FIB in FreeBSD)? If you are familiar with it.
