*Any more suggestion?* *Hi,*
*Regards,* *Bill Yuan* On 13 December 2014 at 09:15, bycn82 <[email protected]> wrote: > *Hi,* > > *here are the three options I mentioned in my previous email. actually I > also did not check into the detail of the implementation.* > > *Option1: Port the "full implementation" from FreeBSD. that means support > FIB from socket to PCB and thread and all the way down to routing table. > even a syscall is needed. * > > *Option2: A "Cut Off" version of FIB, it means only create multiple > routing tables, and find a way to mark the traffic by > src/dst/socket/thread/whatever, * > > *Option3: "I Quit", Lots of effort needed especially for option1. Instead > I ask myself "why we need that?", the "fwd" in ipfw or "rdr-to" in PF can > fulfil the most requirements already, So maybe just find a direction to > enhance it.* > > *The original developer(Julian Elischer)** is every kind and explained to > me about the fib and pointed out 10 items in one email (it is very helpful > :) ) I did not dive into the source level yet but I want to say that "FIB > in FreeBSD is great and it can be implemented because that developer is a > legendary person!", so I prefer to the option 2 or 3 for myself. because > that 10 items probably will cause me 100 months effort and outcome with > 1000 bugs :) * > > *So i think it is better to try the simplest way to provide "multi > routing" for * > *1. jail* > *2. socket/process/uid* > *3. ?? any other idea* > > *BTW, which option do yo prefer? * > > *regards,* > *bycn82* > > > > > On Sat, Dec 13, 2014 at 8:14 AM, Matthew Dillon <[email protected]> > wrote: >> >> I'm really not happy with the way FreeBSD implemented multiple routing >> tables and I don't really want to see those massive hacks brought into >> DragonFly. I don't know what the best solution is per-say. Probably >> better to hang a pointer directly off the kernel thread structure >> (sys/thread.h) and have a separate kernel domain topology rather than using >> jails. >> >> -Matt >> >> On Thu, Dec 11, 2014 at 11:11 PM, Matthias Rampke < >> [email protected]> wrote: >>> >>> Three scenarios come to mind: >>> >>> 1) different routing for (some) VMs or Jails from the host (host uses >>> one internet connection, jail uses another) >>> 2) ditto, but for unjailed processes or users >>> 3) different routing for (certain) forwardings >>> >>> I have implemented 3) without multiple routing tables, just using pf, in >>> OpenBSD[0], but have not yet checked if this is possible with Dragonfly pf. >>> I failed at 1) once due to the lack of multiple routing tables but did not >>> know the pf way at the time. >>> >>> /Matthias >>> >>> [0] http://rampke.de/posts/ipv6-openvpn/ >>> >>> On Fri, Dec 12, 2014, 02:33 bycn82 <[email protected]> wrote: >>> >>> * In what kind of scenario you are going to use the "multiple routing >>> table" (FIB in FreeBSD)? if you are familiar with it. * >>> >>> >>>
