Julian's networking challenge 2005

Milan Obuch net at dino.sk
Tue Jun 28 10:52:50 GMT 2005


On Tuesday 28 June 2005 12:27, Jeremie Le Hen wrote:
> > Wouldn't a more general approach be better?  E.g. a way to "tag" a packet
> > before it is sent to divert and a matching tag-lookup that can do further
> > action.  This would make it very easy to do all kinds of stuff that needs
> > to know the original address instead of the translated one while avoiding
> > code duplication.
>
> Having the possibility to tag a packet would be worthwhile indeed.  But I
> think that Milan wants to bring network stack virtualization in
> a newer release of FreeBSD IIUC.  This would be, IMO, a great improvement
> of FreeBSD networking, although I'm pretty sure this would make Netgraph
> people react a bit ;-).
>

Yes, yes, no :)
Packet tagging and action based on tags are possibilities worth having.
Yes, I would like to have virtualization. Actually this could be seen as 
generalized packet tagging (similar to MPLS technology, only internal, but 
could be extended as well...)
And I see no reason why netgraph people should react - having both virtual 
stacks AND netgraph is a really powerful combination.

> > pf does something along these lines in case you are looking for
> > references.
>
> Would it be possible to share this tag among pf and ipfw ?
>

... and ipf as well :)

AFAIR main objections against Marko Zec's patch were its being based on 4-RELEASE 
and not CURRENT/HEAD, and its 'monolithic' non-modular approach. Other than 
those, virtualization philosophy is great and we should adopt it IMHO. Our 
lovely daemon gains even more power :)

Milan

