Source Routing

[Michael Sierchio]

Andre Oppermann wrote:

> Ruslan Ermilov wrote:

>>What is missing in ipfw(8) and its ``fwd'' option from being a
>>successful implementation of policy routing?
> 
> 
> In the technical sense it is.  For larger systems you want automatic
> configuration from a routing daemon.  ipfw also has its limits when
> it comes to a large number of prefixes which are changing all the
> time.

A policy or multi-protocol routing daemon can *effect* the desired
policy via ipfw.  My original notion was to do this via divert
sockets, but for appliance devices this requires horsepower which
is not available, and involves too much kernel-userland packet
copying.