Re: Policy routing idea (Was: ipfw: Would it be possible tocontinue processing rest of rules after match ?)
From: Andre Oppermann (andre_at_freebsd.org)
Date: 06/22/05
- Previous message: Luigi Rizzo: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- In reply to: Luigi Rizzo: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- Next in thread: Luigi Rizzo: "Re: Policy routing idea (Was: ipfw: Would it be possible tocontinue processing rest of rules after match ?)"
- Reply: Luigi Rizzo: "Re: Policy routing idea (Was: ipfw: Would it be possible tocontinue processing rest of rules after match ?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 22 Jun 2005 14:53:46 +0200 To: Luigi Rizzo <rizzo@icir.org>
Luigi Rizzo wrote:
>
> On Tue, Jun 21, 2005 at 09:27:30AM +0300, Ari Suutari wrote:
> > Hi,
> >
> > I sent this to ipfw mailing list some time ago, but
> > got no response. I would like to adjust ipfw behaviour
> > with fwd rules to make policy routing easier (ie. make
> > it separete from filtering rules). I would just like
> > some input if this makes any sense (or is possible at
> > all with current design).
>
> i suggest to implement a new action 'setnexthop' which stores the
> next hop as an MTAG with the packet (so it is preserved if the
> packet gets passed to dummynet).
Please don't store routing table pointers. All the locking due
to pointers to route entries in random places makes SMP a pain
a slows down routing table lookups.
> But perhaps, rather than a specific next hop, maybe you want to
> pass a reference to a different routing table instead ?
We don't have any at the moment.
-- Andre > cheers > luigi > > > >Currently the ipfw fwd rules work so that the packet > > >is accepted when fwd rule matches. > > > > > >Would it be possible just tag the packet with > > >information about next_hop and just continue processing the > > >rules ? This would make complex rulesets with policy-based > > >routing much simpler, since one could just have relevat > > >fwd statments at beginning of rule sets and then > > >filter the packets in usual way. > > > > Ari S. > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Luigi Rizzo: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- In reply to: Luigi Rizzo: "Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)"
- Next in thread: Luigi Rizzo: "Re: Policy routing idea (Was: ipfw: Would it be possible tocontinue processing rest of rules after match ?)"
- Reply: Luigi Rizzo: "Re: Policy routing idea (Was: ipfw: Would it be possible tocontinue processing rest of rules after match ?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
