Hi, I think the following additions to the rdomain(4) man page would be useful for people who want to start using rdomains and rtables.
Remi Index: rdomain.4 =================================================================== RCS file: /home/remi/cvs/src/share/man/man4/rdomain.4,v retrieving revision 1.7 diff -u -p -r1.7 rdomain.4 --- rdomain.4 6 Feb 2015 03:10:43 -0000 1.7 +++ rdomain.4 29 Jun 2015 08:12:50 -0000 @@ -29,16 +29,20 @@ The feature allows multiple lookup tables for routes. The .Nm rdomain -feature makes it possible to assign the same IP address to more than one -interface. +feature allows it to logically segment a router between network +paths. As a consequence it is possible to assign the same IP address to +more than one interface. .Ss Routing tables Each .Nm rtable contains routes for outbound network packets. A routing domain can contain more than one .Nm rtable . -Within a domain, IP addresses used for different interfaces cannot overlap. Multiple routing tables are commonly used for Policy Based Routing. +.Pp +The highest id that can be used for an +.Nm rtable +is 255. .Ss Routing domains Each .Nm rdomain @@ -69,6 +73,16 @@ is used to move traffic from one .Nm rdomain to a different .Nm rdomain . +.Pp +When an interface is assigned to an inexistent +.Nm rdomain +it gets created automatically. At the same time an +.Nm rtable +with the same id gets created and assigned to the new domain. +.Pp +The highest id that can be used for an +.Nm rdomain +is 255. .Sh EXAMPLES Set up em0 and lo4 onto rdomain 4: .Bd -literal -offset indent @@ -88,6 +102,10 @@ Start an sshd in rdomain 4: .Pp .Dl # route -T4 exec /usr/sbin/sshd .Pp +Display to which rdomain processes are assigned to: +.Pp +.Dl # ps aux -o rtable +.Pp pf.conf snippet to block incoming port 80, and nat-to and move to rtable 0 on interface em1: .Bd -literal -offset indent @@ -98,7 +116,8 @@ match out on rdomain 4 to !$internal_net .Xr route 4 , .Xr pf.conf 5 , .Xr ifconfig 8 , -.Xr route 8 +.Xr route 8 , +.Xr ps 1 .Sh HISTORY .Ox support for 
@@ -109,3 +128,16 @@ first appeared in .Ox 4.9 and IPv6 support first appeared in .Ox 5.5 . +.Sh CAVEATS +When an +.Nm rtable +allready exists a new domain with the same id cannot be created. Since +there is no command to destroy an +.Nm rtable +a reboot is required in such a situation. + +No tool is available to assign more than one +.Nm rtables +to an +.Nm rdomain +other than to the default one (0).
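Review bot: In the first hunk (@@ -29,16 +29,20 @@) the new wording "feature allows it to logically segment a router between network paths" is ungrammatical and does not say what is being segmented from what; "feature makes it possible to logically segment a router into separate network paths" reads better. The same hunk silently drops "Within a domain, IP addresses used for different interfaces cannot overlap.", which is exactly the constraint a reader needs next to the new claim that the same address may be assigned to more than one interface; keep that sentence unless it is known to be wrong. The "highest id ... is 255" note added here under Routing tables is repeated under Routing domains in the next hunk; state it once, and since a domain always owns the rtable with the same id, a single sentence covers both limits.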
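Review bot: In the second hunk (@@ -69,6 +73,16 @@) "inexistent" should be "nonexistent", and the paragraph should say that it is the ifconfig(8) rdomain assignment that triggers the creation, since that is the command the reader will type. This paragraph is also the natural place to mention the failure case that the new CAVEATS section describes (creation fails when an rtable with that id already exists in another domain); one sentence here, or a reference to CAVEATS, saves the reader a surprise. The duplicated "highest id ... is 255" paragraph belongs in only one of the two sections.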
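Review bot: In the third hunk (@@ -88,6 +102,10 @@) the lead-in "Display to which rdomain processes are assigned to:" has a doubled preposition, and it talks about rdomains while the ps(1) keyword shown is rtable; a process is bound to a routing table (route -T4 exec in the preceding example sets exactly that), so "Display the routing table each process is bound to:" is both grammatical and accurate. Consider the explicit keyword form, e.g. ps -ax -o pid,rtable,command, rather than mixing the aux shorthand with -o, so the example shows only the columns the paragraph is about.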
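Review bot: In the fourth hunk (@@ -98,7 +116,8 @@) the SEE ALSO list is no longer sorted; mdoc convention (and mandoc -Tlint) wants cross references ordered by section number and then by name, so ".Xr ps 1 ," should be the first entry, ahead of ".Xr route 4 ,", rather than appended after ".Xr route 8 ,".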
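Review bot: In the CAVEATS hunk (@@ -109,3 +128,16 @@) "allready" should be "already", and the bare blank line separating the two paragraphs should be ".Pp" (mandoc reports a blank line in non-literal context for mdoc input). ".Nm rtables" marks a name the page does not define; use "more than one .Nm rtable" or ".Nm rtable Ns s" so the rendered name stays "rtable". The second caveat states a limitation without saying what was tried; if creating a table from inside the domain (route -T4 exec route -T5 add ...) does not attach the new table to that domain either, say so explicitly, otherwise the caveat should be narrowed to what actually fails. A comma after "rtable" in "destroy an rtable a reboot is required" would also help.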
