From: Ivo Vachkov
To: Claudio Jeker, freebsd-net@freebsd.org
Date: Thu, 8 Dec 2005 18:43:38 +0200
Subject: Re: Programming Question: Policy Based Routing
In-Reply-To: <20051208161245.GB19179@diehard.n-r-g.com>
References: <4397A2D1.452F290A@freebsd.org> <20051208161245.GB19179@diehard.n-r-g.com>
List-Id: Networking and TCP/IP with FreeBSD

2005/12/8, Claudio Jeker:
> On Thu, Dec 08, 2005 at 01:15:04PM +0200, Ivo Vachkov wrote:
> >
> > Normally it's the other way around.
> >
> > So be it :)
> >
> > My definition of Policy-Based Routing (PBR): the ability to make a routing
> > decision based on information other than the destination IP address in the
> > packet. In my project this "other" information includes source IP
> > address, L4 protocol, TOS, packet length.
> >
> > Implementation:
> >
> > Plan 1) This is a complex standalone solution implemented entirely in
> > the kernel, plus userland utilities (like the route command). The whole
> > current routing engine will be changed. Instead of a Patricia tree I
> > implement a list of data structures, each one including a special mask
> > which identifies what fields of the IP header are used to match the
> > packet and an AVL tree to store routing information in it. The algorithm
> > is simple:
>
> An AVL tree is far from optimal for route lookups -- think about longest
> prefix matches. It is even worse than a Patricia tree.
> Also doing the packet classification as part of the route lookup is IMO a
> bad idea. Also the linear list that needs to be traversed for every packet
> is very expensive because you can only do one comparison at a time.

I am aware that this part sux :) That's why I'm asking for other people's
opinions.

> > Plan B) *Somehow very Linuxish* Using some sort of packet classifier
> > (for example packet filter matching code) it marks the packet with
> > some user defined value. Example:
> > ipfw add mark 10 ip from 192.168.0.0/24 to 192.168.10.0/24
> > and:
> > pbr_route add -mark 10 $gateway
> > The kernel implementation should check for such marks on every packet
> > and search for them in a binary search tree (AVL probably).
> >
> > That's it. Please, excuse my bad English and poor explanations. If you
> > have any questions I'll try to explain better, probably using more
> > examples.
> >
>
> This is a better approach and much simpler. Pf and IPFW have a
> powerful classifier and with tables, states, ... it is possible to reduce
> the classification time significantly.
> However this binds the code with some external software.

Furthermore, what should I use to "mark" packets originating from the host
... at some point it gets too complex to configure, many rules should be
written just to get it working ...

> --
> :wq Claudio
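The two-stage design discussed in this thread (a classifier marks the packet, then the route lookup either honours the mark or falls back to the destination address), as an added example in C that is neither code from the thread nor from FreeBSD. It also illustrates Claudio's point: the mark lookup is an exact match, while the destination lookup must be a longest-prefix match, done here with a binary trie rather than an AVL tree. Gateway ids, the rule and mark tables, and every function name are constructed assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((b)<<16)|((c)<<8)|(d))
struct trie { struct trie *child[2]; int gw; };   /* binary trie on dst bits; gw 0 = none */
struct rule { uint32_t net; int len; int mark; }; /* "ipfw add mark" rule on src */
struct mark_route { int mark; int gw; };          /* "pbr_route add -mark" entry */
/* Insert prefix/len -> gw, descending one destination bit per level. */
static void trie_insert(struct trie *n, uint32_t prefix, int len, int gw) {
    for (int i = 0; i < len; i++) {
        int b = (prefix >> (31 - i)) & 1;
        if (!n->child[b]) n->child[b] = calloc(1, sizeof *n);
        n = n->child[b];
    }
    n->gw = gw;
}
/* Longest-prefix match: the deepest gateway seen on the path wins. */
static int trie_lookup(const struct trie *n, uint32_t dst) {
    int best = n->gw;
    for (int i = 0; i < 32 && n; i++) {
        n = n->child[(dst >> (31 - i)) & 1];
        if (n && n->gw) best = n->gw;
    }
    return best;
}
/* Stage 1: the first source-prefix rule that matches sets the mark (0 = none). */
static int classify(const struct rule *r, int n, uint32_t src) {
    for (int i = 0; i < n; i++) {
        uint32_t m = r[i].len ? ~0u << (32 - r[i].len) : 0;
        if ((src & m) == (r[i].net & m)) return r[i].mark;
    }
    return 0;
}
/* Stage 2: exact match on the mark; unmarked traffic falls back to dst LPM. */
static int route(const struct trie *lpm, const struct mark_route *mr, int n, int mark, uint32_t dst) {
    for (int i = 0; mark && i < n; i++)
        if (mr[i].mark == mark) return mr[i].gw;
    return trie_lookup(lpm, dst);
}
/* Constructed tables: default->gw1, 192.168/16->gw2, 192.168.10/24->gw3; src 192.168.0.0/24 marked 10 -> gw4 */
int pbr_demo(uint32_t src, uint32_t dst) {
    static struct trie root;
    static const struct rule rules[] = { { IP(192,168,0,0), 24, 10 } };
    static const struct mark_route mr[] = { { 10, 4 } };
    if (!root.gw) {                               /* build the tables once */
        trie_insert(&root, 0, 0, 1);
        trie_insert(&root, IP(192,168,0,0), 16, 2);
        trie_insert(&root, IP(192,168,10,0), 24, 3);
    }
    return route(&root, mr, 1, classify(rules, 1, src), dst);
}
```

Unmarked traffic to 192.168.10.7 picks the /24 over the /16 and the default, while anything sourced from 192.168.0.0/24 is sent to gateway 4 regardless of destination.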