Subject: Re: Summer of Code: Policy routing / Implement IPv6 ipflow_fastforward
To: NetBSD Network Mailing List <tech-net@netbsd.org>
From: Ivo Vachkov <ivo.vachkov@gmail.com>
List: tech-net
Date: 06/17/2005 10:02:15
On 6/17/05, Miles Nordin <carton@ivy.net> wrote:
> >>>>> "iv" == Ivo Vachkov <ivo.vachkov@gmail.com> writes:
>
>     iv> Policy Routing: - extend "struct rtentry" to include
>     iv> additional information for TOS fields, Source based routing,
>     iv> maybe even protocol based routing, ttl routing, packet length
>     iv> routing - add support in /sys/net/route.c - add support in
>     iv> /sbin/route/route.c and alike
>
> another way to do this would be to fix the policy routing that's been
> built into the firewalls for a long time.  ipfilter and PF both have
> fastroute/route-to and dup-to keywords.  PF also has a
> reply-to/keepstate keyword for strong ES.  However in both ipfilter
> and PF these keywords panic the kernel if you try to use them.

I used those features before on other OSs (FreeBSD and OpenBSD) and it
seemed to me that they worked (at least partly), but I don't like the
idea of having all packet processing (... and routing) done in a piece
of code that should work as a firewall.

> It would maybe be nicer to have some policy routing in the routing
> table---sometimes it's more intuitive, it has to go there if you want
> to use rtsock, and it's probably easier to do that than fix the
> firewalls.  But the keywords are already _in_ the firewalls so
> some day they should probably be fixed or removed.

My plan is to add policy routing to the base system, kernel routing
table and co., but I may try to fix these issues too if I have time
before the end of the summer. I already have some knowledge of the PF code,
but I don't promise anything :)

> In addition to policy routing people often ask for multipath routing.
> A fully-general multipath routing that used byte counters to keep the
> use of each path even would be nice, and I don't think other Unixes
> have that yet. :)

This subject crossed my mind too. But it's a little bit harder to
implement. I'm aware of an old patch (for FreeBSD 4.8) that does
implement multipath, so I may try to use it too. And this leads us to
the next question: how should the multipath be organized, on a
packet or connection basis?

P.S. Thanks for the advice.
--
"UNIX is basically a simple operating system, but you have to be a
genius to understand the simplicity." Dennis Ritchie
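A user-space sketch of the two ideas discussed above, added here as an example; it is not code from this mail, from NetBSD's route.c, or from ipfilter/PF. It models a route entry extended with the policy selectors listed in the first quoted block (source prefix, TOS, protocol, packet length) and a multipath selector organized either per packet (pick the path with the fewest bytes so the counters stay even) or per connection (hash the 5-tuple so a flow sticks to one path). The struct names, the sample table, the interface names and the precedence rule used to order overlapping policies are all assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WILD (-1)           /* wildcard for an optional selector */
#define MAXPATHS 4
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Toy route entry with policy selectors and multipath state.
 * Constructed for this example; it is not NetBSD's struct rtentry. */
struct pr_entry {
	uint32_t dst, dst_mask;     /* destination prefix (classic route key) */
	uint32_t src, src_mask;     /* source prefix; src_mask 0 = any source */
	int tos, proto;             /* WILD = any */
	int min_len, max_len;       /* packet length window; WILD = open end */
	int npaths;
	const char *path[MAXPATHS]; /* outgoing interfaces */
	uint64_t bytes[MAXPATHS];   /* bytes forwarded per path */
};

struct pkt {
	uint32_t src, dst;
	int tos, proto, len;
	uint16_t sport, dport;
};

/* Constructed sample table: a default route, a source-based policy for
 * 10/8 with two paths, and a TOS 0x10 (low delay) + TCP policy. */
struct pr_entry rtab[] = {
	{ 0, 0, 0, 0, WILD, WILD, WILD, WILD, 1, { "wm0" }, { 0 } },
	{ 0, 0, IP(10,0,0,0), 0xff000000u, WILD, WILD, WILD, WILD, 2, { "ppp0", "ppp1" }, { 0 } },
	{ 0, 0, 0, 0, 0x10, 6, WILD, WILD, 1, { "gif0" }, { 0 } },
};
int nrtab = (int)(sizeof rtab / sizeof rtab[0]);

void pr_reset(void) { for (int i = 0; i < nrtab; i++) memset(rtab[i].bytes, 0, sizeof rtab[i].bytes); }

static int
pr_match(const struct pr_entry *e, const struct pkt *p)
{
	if ((p->dst & e->dst_mask) != (e->dst & e->dst_mask)) return 0;
	if ((p->src & e->src_mask) != (e->src & e->src_mask)) return 0;
	if (e->tos != WILD && e->tos != p->tos) return 0;
	if (e->proto != WILD && e->proto != p->proto) return 0;
	if (e->min_len != WILD && p->len < e->min_len) return 0;
	if (e->max_len != WILD && p->len > e->max_len) return 0;
	return 1;
}

/* Precedence is a design choice of this model: longest destination prefix
 * first, then longest source prefix, then the number of extra selectors. */
static int
pr_score(const struct pr_entry *e)
{
	return __builtin_popcount(e->dst_mask) * 64 + __builtin_popcount(e->src_mask)
	    + (e->tos != WILD) + (e->proto != WILD)
	    + (e->min_len != WILD || e->max_len != WILD);
}

/* Index of the best matching entry in rtab, or -1 when nothing matches. */
int
pr_lookup(const struct pkt *p)
{
	int best = -1, best_score = -1;
	for (int i = 0; i < nrtab; i++) {
		if (!pr_match(&rtab[i], p)) continue;
		int s = pr_score(&rtab[i]);
		if (s > best_score) { best = i; best_score = s; }
	}
	return best;
}

/* Per-packet organization: the path with the fewest bytes so far takes the
 * packet. Byte counts stay even, but one connection may be reordered. */
const char *
mp_per_packet(struct pr_entry *e, const struct pkt *p)
{
	int k = 0;
	for (int i = 1; i < e->npaths; i++) if (e->bytes[i] < e->bytes[k]) k = i;
	e->bytes[k] += (uint32_t)p->len;
	return e->path[k];
}

/* FNV-1a over the 5-tuple; any stable hash would do here. */
static uint32_t
flow_hash(const struct pkt *p)
{
	uint32_t h = 2166136261u;
	uint32_t v[5] = { p->src, p->dst, (uint32_t)p->proto, p->sport, p->dport };
	for (int i = 0; i < 5; i++)
		for (int b = 0; b < 4; b++) { h ^= (v[i] >> (8 * b)) & 0xff; h *= 16777619u; }
	return h;
}

/* Per-connection organization: a flow always lands on the same path, so
 * ordering holds, but balance is only statistical across many flows. */
const char *
mp_per_flow(struct pr_entry *e, const struct pkt *p)
{
	int k = (int)(flow_hash(p) % (uint32_t)e->npaths);
	e->bytes[k] += (uint32_t)p->len;
	return e->path[k];
}

/* Policy lookup followed by multipath selection; NULL if no route. */
const char *
pr_route(const struct pkt *p, int per_flow)
{
	int i = pr_lookup(p);
	if (i < 0) return NULL;
	return per_flow ? mp_per_flow(&rtab[i], p) : mp_per_packet(&rtab[i], p);
}

int
main(void)
{
	struct pkt a = { IP(10,1,2,3), IP(203,0,113,9), 0, 6, 1000, 40000, 80 };
	for (int i = 0; i < 4; i++) printf("per-packet: %s\n", pr_route(&a, 0));
	pr_reset();
	for (int i = 0; i < 4; i++) printf("per-flow: %s\n", pr_route(&a, 1));
	return 0;
}
```

Running it shows the trade-off behind the closing question: per-packet selection alternates a single flow across ppp0 and ppp1 as the counters drift, while per-flow selection keeps it on one interface. In a real kernel the counters and the hash state would live in the route entry and the rtsock messages would need to carry the extra selectors, which is the part of the design the mail leaves open.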