From owner-freebsd-net@FreeBSD.ORG Fri May 30 09:45:33 2008
Message-ID: <483FCCBC.6040802@elischer.org>
Date: Fri, 30 May 2008 02:45:32 -0700
From: Julian Elischer
To: Rajkumar S
Cc: freebsd-net@freebsd.org, Max Laier
Subject: Re: anyone tried the Multi routing table code yet?
References: <483763B5.4030205@elischer.org> <64de5c8b0805300118v3874ec3bx2b2978a80bae08b8@mail.gmail.com>
In-Reply-To: <64de5c8b0805300118v3874ec3bx2b2978a80bae08b8@mail.gmail.com>
List-Id: Networking and TCP/IP with FreeBSD

Rajkumar S wrote:
> On Sat, May 24, 2008 at 6:09 AM, Julian Elischer wrote:
>> subject says it all really..
>
> I am using pf and rtable to setfib and get an pfctl: DIOCADDRULE:
> Device busy when trying to load "pass in quick on fxp0 from any to any
> keep state rtable 1"
>

I'm not really familiar with the pf syntax as I didn't do that part of
the patch (max laier (CC'd) did) and I don't use pf. Max may be able to
see if the patch to the pf code has an error.

> I can successfully load "pass in quick on fxp0 all flags S/SA keep
> state rtable 0" I am testing on FreeBSD CURRENT.
>
> My routing tables are:
>
>
> [root@daemon /etc]# setfib -0 netstat -nrf inet
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.3.100      UGS         0     2025   fxp0
> 127.0.0.1          127.0.0.1          UH          0        0    lo0
> 192.168.3.0/24     link#1             UC          0        0   fxp0
> 192.168.3.54       00:40:f4:b7:d7:ee  UHLW        1       40   fxp0   1179
> 192.168.3.100      00:80:48:38:1a:df  UHLW        2      149   fxp0   1173
> 192.168.4.0/24     link#1             UC          0        0   fxp0
> 192.168.4.4        00:80:48:1f:48:26  UHLW        1      141   fxp0   1120
> 192.168.5.0/24     link#3             UC          0        0   rue0
> [root@daemon /etc]# setfib -1 netstat -nrf inet
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.5.4        UGS         0       13   rue0
> 127.0.0.1          127.0.0.1          UH          0        0    lo0
> 192.168.3.0/24     link#1             UC          0        0   fxp0
> 192.168.3.54       00:40:f4:b7:d7:ee  UHLW        1        0   fxp0   1176
> 192.168.3.100      00:80:48:38:1a:df  UHLW        1        5   fxp0   1170
> 192.168.4.0/24     link#1             UC          0        0   fxp0
> 192.168.4.4        00:80:48:1f:48:26  UHLW        1        0   fxp0   1117
> 192.168.5.0/24     link#3             UC          0        0   rue0
>
> btw, does the rtable syntax allow to set route for packets generated
> by the pf host itself (like packets from squid). The catch is that
> they cannot be matched via a "pass in" rule, they are matched only on
> a "pass out" rule.

I don't know about pf, but in ipfw it definitely can be any packet at
any time, but the outgoing packets have already made their routing
decision before they hit the firewall so even though a table is
associated with the packet, it's too late :-/ it has to be associated
with the socket itself to really have effect.
>
> Thanks and regards,
>
> raj
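
The ordering described in the reply above (the route for a locally generated packet is picked from the socket's FIB before the firewall's output hook can tag it), as an added model that is not code from this thread or from FreeBSD. It parses rows trimmed from the two quoted `netstat -nrf inet` listings and does a longest-prefix match per FIB; the function names and the `egress` ordering model are assumptions made for illustration.

```python
import ipaddress

# Constructed input: rows trimmed from the two netstat listings quoted above.
FIB_DUMPS = {
    0: """Destination Gateway Flags Refs Use Netif Expire
default 192.168.3.100 UGS 0 2025 fxp0
192.168.3.0/24 link#1 UC 0 0 fxp0
192.168.3.100 00:80:48:38:1a:df UHLW 2 149 fxp0 1173
192.168.5.0/24 link#3 UC 0 0 rue0""",
    1: """Destination Gateway Flags Refs Use Netif Expire
default 192.168.5.4 UGS 0 13 rue0
192.168.3.0/24 link#1 UC 0 0 fxp0
192.168.3.100 00:80:48:38:1a:df UHLW 1 5 fxp0 1170
192.168.5.0/24 link#3 UC 0 0 rue0""",
}

def parse_fib(text):
    """Turn netstat -nr rows into (network, gateway, netif) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6:
            continue  # too short to be a route row
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            routes.append((ipaddress.ip_network(dest), f[1], f[5]))
        except ValueError:
            continue  # column header, not a route
    return routes

FIBS = {n: parse_fib(t) for n, t in FIB_DUMPS.items()}

def lookup(fib, dst):
    """Longest-prefix match for dst inside one FIB."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in FIBS[fib] if addr in r[0]]
    _, gw, netif = max(hits, key=lambda r: r[0].prefixlen)
    return gw, netif

def egress(dst, socket_fib, fw_out_fib=None):
    """Assumed model of a locally generated packet: the route comes from the
    socket's FIB; a FIB set later by the firewall's output hook (fw_out_fib)
    is recorded on the packet but no longer changes the chosen route."""
    gw, netif = lookup(socket_fib, dst)
    tag = socket_fib if fw_out_fib is None else fw_out_fib
    return {"gateway": gw, "netif": netif, "fib_tag": tag}
```

With a constructed destination such as 203.0.113.9, `egress("203.0.113.9", socket_fib=0, fw_out_fib=1)` still leaves via fxp0, while `socket_fib=1` sends it out rue0.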