From: Andre Oppermann
Date: Tue, 09 Aug 2005 18:25:17 +0200
To: Marko Zec
Cc: freebsd-net@freebsd.org
Subject: Re: Stack virtualization (was: running out of mbufs?)
Message-ID: <42F8D8ED.11A196FC@freebsd.org>

Marko Zec wrote:
>
> On Tuesday 09 August 2005 14:41, Andre Oppermann wrote:
> ...
> > I don't want to have non-global interface lists in the kernel.
>
> But sooner or later you _will_ end up with some sort of non-global
> interface lists after all, just as you stated yourself at the beginning
> of this thread.  Of course one can still maintain all interfaces linked
> in one list and introduce another set of separated lists on per-stack
> basis which will be used to logically group interfaces into smaller
> sets, but that's really just a question of coding / design style.

I'm thinking more along the lines of OpenBSD's interface groups.  There
you just add another attribute called group to an interface.  Claudio
(@openbsd.org, working at the desk next to me) explained it quickly to me
after it was raised here on the list.  The group name is a string but in
the ifnet structure only an int is stored.  This group name then is used
primarily for the pf firewall to create rules for interface groups.  It
handles newly arriving interfaces too.  I haven't fully explored all
applications and possible tie-ins with jails, virtual stacks etc. but it
looks very interesting.

For example I want to have multiple routing tables within the same
stack.  These routing tables can be opaque or fall-through and match on
the source and destination address (not at the same time though).  This
way we get ultimate routing flexibility in using FreeBSD as a router.  An
incoming packet on interface em0 with group priority would first match
into routing table X, and if no match fall-through to the default
routing table.  Or you could create a source matching routing table Y
sending matching packets further to table Z for low priority routing.

It's hard to describe this textually to its full extent.  That's why my
upcoming paper will have mostly graphics depicting the packet flow and
the processing options.

-- 
Andre
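
The fall-through lookup described in the message above, as an added example that is not part of the original e-mail and is not FreeBSD or OpenBSD code. The table layout, all names (rtable, lookup, TABLE_X and so on), the addresses, and the rule that a miss in a fall-through table continues in the default table are assumptions made for illustration; mapping an interface group to its starting table is left to the caller.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical names and constructed sample tables; not FreeBSD or OpenBSD code. */
struct route {
    uint32_t prefix, mask;   /* host byte order, contiguous mask */
    const char *nexthop;     /* NULL when the route chains to another table */
    int next_table;          /* table to continue in, or -1 for a terminal route */
};
struct rtable {
    int match_src;           /* 1: key is the source address, 0: destination */
    int fallthrough;         /* 1: a miss continues in DEFAULT_TABLE, 0: opaque */
    size_t nroutes;
    struct route routes[4];
};
enum { DEFAULT_TABLE, TABLE_X, TABLE_Y, TABLE_Z, NTABLES };
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

static const struct rtable tables[NTABLES] = {
    [DEFAULT_TABLE] = { 0, 0, 1, { { 0, 0, "default-gw", -1 } } },
    [TABLE_X] = { 0, 1, 1, { { IP(10, 1, 0, 0), 0xffff0000, "priority-gw", -1 } } },
    [TABLE_Y] = { 1, 1, 1, { { IP(192, 168, 5, 0), 0xffffff00, NULL, TABLE_Z } } },
    [TABLE_Z] = { 0, 0, 1, { { IP(10, 0, 0, 0), 0xff000000, "lowprio-gw", -1 } } },
};

/* Longest-prefix match in one table; the key depends on the table's mode. */
static const struct route *match(const struct rtable *t, uint32_t src, uint32_t dst)
{
    uint32_t key = t->match_src ? src : dst;
    const struct route *best = NULL;
    for (size_t i = 0; i < t->nroutes; i++)
        if ((key & t->routes[i].mask) == t->routes[i].prefix &&
            (best == NULL || t->routes[i].mask > best->mask))
            best = &t->routes[i];
    return best;
}

/* Start in the table chosen for the ingress interface group; NULL = no route. */
const char *lookup(int table, uint32_t src, uint32_t dst)
{
    for (int hops = 0; hops < NTABLES; hops++) {   /* bound stops chain loops */
        const struct route *r = match(&tables[table], src, dst);
        if (r == NULL && !(tables[table].fallthrough && table != DEFAULT_TABLE))
            return NULL;                 /* opaque table, or miss in the default */
        if (r != NULL && r->next_table < 0)
            return r->nexthop;           /* terminal route */
        table = r ? r->next_table : DEFAULT_TABLE;
    }
    return NULL;
}
```

In this sketch table Z is opaque, so a packet handed from Y to Z that finds no match there gets no route at all rather than silently using the default table, which is the difference between the two table kinds.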