Subject: Re: Summer of Code: Policy routing / Implement IPv6 ipflow_fastforward
To: None <tech-net@netbsd.org>
From: Miles Nordin <carton@Ivy.NET>
List: tech-net
Date: 06/17/2005 02:08:09

>>>>> "iv" == Ivo Vachkov <ivo.vachkov@gmail.com> writes:

    iv> Policy Routing: - extend "struct rtentry" to include
    iv> additional information for TOS fields, Source based routing,
    iv> maybe even protocol based routing, ttl routing, packet length
    iv> routing - add support in /sys/net/route.c - add support in
    iv> /sbin/route/route.c and alike

Another way to do this would be to fix the policy routing that's been
built into the firewalls for a long time.  ipfilter and PF both have
fastroute/route-to and dup-to keywords.  PF also has a
reply-to/keepstate keyword for strong ES.  However in both ipfilter
and PF these keywords panic the kernel if you try to use them.

It would maybe be nicer to have some policy routing in the routing
table---sometimes it's more intuitive, it has to go there if you want
to use rtsock, and it's probably easier to do that than fix the
firewalls.  But the keywords are already _in_ the firewalls so
some day they should probably be fixed or removed.

In addition to policy routing people often ask for multipath routing.
A fully-general multipath routing that used byte counters to keep the
use of each path even would be nice, and I don't think other Unixes
have that yet. :)
