http://www.feyrer.de/NetBSD/blog.html/nb_20050114_4.html


- Hubert

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

I found myself wanting to do this, so I created something that did it.

It's a pseudo-interface called srt (for Source RouTing). You point
your route out the srt interface and then use srtconfig to tell the srt
code where to send packets based on their ip_src fields.

Here, for example, is an excerpt from one of my house machines' startup
scripts. This machine is 216.46.5.1 on the house LAN, where the main
house uplink is managed by 216.46.5.9; it also has the backup house
netlink on ppp0, where its address is 216.46.0.70 and the other end of
the PPP link is 216.46.1.3. 216.46.5.0/28 is overlaid with
10.0.2.0/28, with the same third octet, and it has another Ethernet on
the house non-routed subnet 10.0.1.0/24.

srtconfig srt0 set 0 216.46.5.1 /32 de0 216.46.5.9
srtconfig srt0 set 1 216.46.0.70 /32 ppp0 216.46.1.3
srtconfig srt0 set 2 10.0.2.1 /32 de0 10.0.2.9
srtconfig srt0 set 3 10.0.0.0 /8 ex0 10.0.1.1
ifconfig srt0 216.46.5.1 10.0.0.1 netmask 255.255.255.255 up
route add default 10.0.0.1

Thus, the packet flow is:

packet emitted
-> default route to 10.0.0.1
-> sends it out srt0, which ignores the next-hop address (10.0.0.1)
-> the srt code checks ip_src against, in order
216.46.5.1/32 -> send it out de0, addressed to 216.46.5.9
216.46.0.70/32 -> send it out ppp0, addressed to 216.46.1.3
10.0.2.1/32 -> send it out de0, addressed to 10.0.2.9
10/8 -> send it out ex0, addressed to 10.0.1.1
anything else -> drop it on the floor

Order is important here, because the srt code checks in order. If I
found myself using it for anything big, I'd probably steal the radix
tree code and give each srt interface its own radix tree, and pick the
most specific route rather than defining it to check them in order.

You probably can't use the code directly, because it's for 1.4T, but
you're welcome to use the idea. (For that matter you're welcome to use
the code too, if you find any use for it.)

/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML ***@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

AFAIK, the only way to do policy routing on NetBSD (or any of the
*BSD's?) is to use IPF or PF.

pass in quick on <default route interface> to:<alternate int>:<next hop
IP> from <> to <>

This is poorly documented and an awful hack, but it does work.




--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Daniel Fuehrer wrote:

Mea Culpa, it should be

pass OUT quick, not pass IN quick....


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de