Stack virtualization (was: running out of mbufs?)

Jeremie Le Hen jeremie at le-hen.org
Tue Aug 9 21:35:55 GMT 2005


> I haven't fully explored all applications and possible tie-ins with
> jails, virtual stacks etc. but it looks very interesting.
>
> For example I want to have multiple routing tables within the same
> stack.  These routing tables can be opaque or fall-through and match
> on the source and destination address (not at the same time though).
> This way we get ultimate routing flexibility in using FreeBSD as
> router.  An incoming packet on interface em0 with group priority
> would first match into routing table X, and if no match fall-through
> to the default routing table.  Or you could create a source matching
> routing table Y sending matching packets further to table Z for
> low priority routing.

What you are saying clearly reminds me of the way Linux does it.
Basically they have about 256 routing tables available, one of them
being the default one (254 IIRC).  Once you have filled those you
want to use, you can assign a routing table to each packet with what
they simply call "rules".  The routing criteria are classical, such as
"from", "to", "tos", "iif" (incoming interface)...
(See the manpage [1] for more information; the IPRoute2 framework is
quite powerful.)

One of the most powerful criteria it provides is "fwmark", which allows
matching against a mark stamped on the skbuff (their mbuf) by the
firewall.  This leads to the ability to route packets based on the
whole capabilities of the firewall framework (NetFilter in this case):
TCP/UDP ports, ICMP types, and so on...

This might appear a little bit hackish to networking guys, especially
those ones that are working on backbone routers, but this flexibility
is almost nothing to add (pf already has the ability to tag packets,
IIRC) and it doesn't constrain the design at all, IMHO.  FYI, this has
already been discussed in this subthread [2].

I have to say that I was quite impressed by Linux networking
capabilities (this was in the 2.4 days), and that's why I would really
like to see FreeBSD be able to do this.

> It's hard to describe this textually to its full extent.  That's why
> my upcoming paper will have mostly graphics depicting the packet flow
> and the processing options.

I'm eager to read your paper.

[1] http://www.manpage.org/cgi-bin/man/man2html?8+ip
[2] http://lists.freebsd.org/pipermail/freebsd-net/2005-June/007743.html

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
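The lookup model discussed in this thread (rules selecting a routing table by source, destination, incoming interface or firewall mark, with tables that either fall through to the next rule or terminate the lookup), as an added illustration that is not part of the original post or of any FreeBSD or Linux code. The table names X, Y, Z and lowprio, the interfaces em0/em1/em2 and all addresses and marks are constructed for the example; the "opaque" flag is a modelling shortcut for a table whose miss ends the lookup.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    iif: str = ""     # incoming interface
    fwmark: int = 0   # mark stamped by the firewall (0 = unmarked)


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    nexthop: str      # free-form next hop description


@dataclass
class Table:
    name: str
    routes: List[Route] = field(default_factory=list)
    opaque: bool = False  # True: a miss here ends the lookup (unreachable)

    def add(self, prefix: str, nexthop: str) -> None:
        self.routes.append(Route(ipaddress.ip_network(prefix), nexthop))

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match for dst, or None on a miss."""
        addr = ipaddress.ip_address(dst)
        best = None
        for r in self.routes:
            if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best


@dataclass
class Rule:
    """A policy-routing rule: every set criterion must match the packet."""
    table: str
    src: Optional[str] = None      # "from" prefix
    dst: Optional[str] = None      # "to" prefix
    iif: Optional[str] = None      # incoming interface
    fwmark: Optional[int] = None   # firewall mark

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.iif is not None and pkt.iif != self.iif:
            return False
        if self.fwmark is not None and pkt.fwmark != self.fwmark:
            return False
        return True


def route(pkt: Packet, rules: List[Rule], tables: Dict[str, Table]) -> Optional[Tuple[str, str]]:
    """Walk rules in priority order; return (table, nexthop) or None (unreachable)."""
    for rule in rules:
        if not rule.matches(pkt):
            continue
        table = tables[rule.table]
        hit = table.lookup(pkt.dst)
        if hit is not None:
            return table.name, hit.nexthop
        if table.opaque:
            return None          # terminate: no fall-through from an opaque table
        # fall-through table missed: keep walking the remaining rules
    return None


def build_example() -> Tuple[List[Rule], Dict[str, Table]]:
    """Constructed configuration mirroring the scenarios in the thread."""
    tables = {name: Table(name) for name in ("X", "Y", "Z", "lowprio", "main")}
    tables["X"].add("192.0.2.0/24", "via 198.51.100.1 dev em1")      # fall-through table
    tables["Y"].opaque = True                                           # source-matching, terminal
    tables["Y"].add("10.0.0.0/8", "dev em0")
    tables["Z"].add("0.0.0.0/0", "via 198.51.100.2 dev em2")
    tables["lowprio"].add("0.0.0.0/0", "via 198.51.100.3 dev em2")
    tables["main"].add("0.0.0.0/0", "via 198.51.100.254 dev em1")
    rules = [
        Rule("X", iif="em0"),              # em0 traffic tries X first, then falls through
        Rule("Z", src="10.0.1.0/24"),      # source-matched traffic pushed on to Z
        Rule("Y", src="10.0.9.0/24"),      # source-matched traffic confined to opaque Y
        Rule("lowprio", fwmark=1),         # firewall-marked traffic: low-priority path
        Rule("main"),                      # default
    ]
    return rules, tables


if __name__ == "__main__":
    rules, tables = build_example()
    for pkt in (Packet("172.16.0.5", "192.0.2.9", iif="em0"),
                Packet("172.16.0.5", "203.0.113.7", iif="em0"),
                Packet("10.0.1.8", "203.0.113.7", iif="em1"),
                Packet("10.0.9.3", "203.0.113.7", iif="em1"),
                Packet("172.16.0.5", "203.0.113.7", iif="em1", fwmark=1)):
        print(pkt, "->", route(pkt, rules, tables))
```

In real iproute2 terms, the first and fourth rules correspond to `ip rule add iif em0 lookup X` and `ip rule add fwmark 1 lookup lowprio`; a table is made terminal there not by a flag but by giving it a catch-all `ip route add unreachable default table Y`, which the model's `opaque` stands in for.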