From owner-freebsd-net@FreeBSD.ORG Tue Dec 9 18:00:28 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1ABB61065677 for ; Tue, 9 Dec 2008 18:00:28 +0000 (UTC) (envelope-from prvs=julian=2224d921f@elischer.org) Received: from smtp-outbound.ironport.com (smtp-outbound.ironport.com [63.251.108.112]) by mx1.freebsd.org (Postfix) with ESMTP id 05DC18FC08 for ; Tue, 9 Dec 2008 18:00:27 +0000 (UTC) (envelope-from prvs=julian=2224d921f@elischer.org) Received: from unknown (HELO julian-mac.elischer.org) ([10.251.60.95]) by smtp-outbound.ironport.com with ESMTP; 09 Dec 2008 09:31:59 -0800 Message-ID: <493EAB8F.7090509@elischer.org> Date: Tue, 09 Dec 2008 09:31:59 -0800 From: Julian Elischer User-Agent: Thunderbird 2.0.0.18 (Macintosh/20081105) MIME-Version: 1.0 To: Angelo Turetta References: <493E66BD.6090907@commit.it> In-Reply-To: <493E66BD.6090907@commit.it> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: Multiple routing table clarification X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Dec 2008 18:00:28 -0000 Angelo Turetta wrote: > I need to run squid, serving different networks with different > (potentially conflicting) IP address schemes. > > I read the original implementation notes for setfib/multiple routing > tables: > http://perforce.freebsd.org/fileViewer.cgi?FSPC=//depot/user/julian/routing/plan.txt > > > and I would like to ask for some clarifications: > > - is it possible for a single process to listen for TCP connections > using more than one socket, each with its own 'fib'? yes, but only if you have source. you need to do a setsockopt(SOO_SETFIB,...) on each socket before you do the listen(). Otherwise all socekts from the same process get the same fib. > > - if I use ipfw rules to tag incoming traffic, can I force the fib on a > incoming TCP connection to be different from the fib of the > process/socket listening for that connection? no, the fib for a socket is set by the process that does the listen. HOWEVER I have been asked to add a feature where setting a fib of -1 on a socket will allow it to get its fib from the incoming SYN packet.. Ithink that would bewhat you are asking for. > > Thanks for any help (oh, BTW, if somewhere more detailed howto/doc about > this feature can be found, please forward any pointers) man 2 setsockopt man 1 setfib man 2 setfib > > Angelo. > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"