.\"	$OpenBSD: rdomain.4,v 1.8 2015/07/04 07:51:03 jmc Exp $
.\"
.\" Copyright (c) 2015 Peter Hessler <phessler@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 4 2015 $
.Dt RDOMAIN 4
.Os
.Sh NAME
.Nm rtable ,
.Nm rdomain
.Nd routing tables and routing domains
.Sh DESCRIPTION
The traditional kernel routing system had a single table for routes and
allowed only non-conflicting IP address assignments.
The
.Nm rtable
feature allows multiple lookup tables for routes.
The
.Nm rdomain
feature provides a way to logically segment a router
between network paths.
.Ss Routing tables
Each
.Nm rtable
contains routes for outbound network packets.
A routing domain can contain more than one
.Nm rtable .
Multiple routing tables are commonly used for policy-based routing.
.Pp
The highest ID that can be used for an
.Nm rtable
is 255.
.Ss Routing domains
Each
.Nm rdomain
is a completely separate address space in the kernel.
An IP address (e.g. 10.0.0.1/16) can be assigned in more than one
.Nm rdomain ,
but cannot be assigned more than once within the same
.Nm rdomain .
An interface belongs to one and only one
.Nm rdomain .
The interface's
.Nm rdomain
determines the rdomain that packets received on that interface belong to.
Virtual interfaces do not need to belong to the same
.Nm rdomain
as their parent interface.
Each
.Nm rdomain
contains at least one routing table.
.Pp
Network traffic within an
.Nm rdomain
stays within that routing domain and is not forwarded to other domains.
.Xr pf 4
is used to move traffic from one
.Nm rdomain
to a different
.Nm rdomain .
.Pp
When an interface is assigned to an
.Nm rdomain
that does not yet exist, the domain is created automatically.
At the same time an
.Nm rtable
with the same ID is created and assigned to the new domain.
.Pp
The highest ID that can be used for an
.Nm rdomain
is 255.
.Sh EXAMPLES
Put em0 and lo4 into rdomain 4 and assign their addresses:
.Bd -literal -offset indent
# ifconfig em0 rdomain 4
# ifconfig lo4 rdomain 4
# ifconfig lo4 inet 127.0.0.1/8
# ifconfig em0 192.0.2.100/24
.Ed
.Pp
Set a default route and a localhost reject route within rdomain 4:
.Bd -literal -offset indent
# route -T4 -qn add -net 127 127.0.0.1 -reject
# route -T4 -n add default 192.0.2.1
.Ed
.Pp
Start an sshd in rdomain 4:
.Pp
.Dl # route -T4 exec /usr/sbin/sshd
.Pp
Display the rtable each process is assigned to:
.Pp
.Dl # ps aux -o rtable
.Pp
pf.conf snippet to block incoming connections to port 80 in rdomain 4,
and to NAT traffic leaving rdomain 4 for non-internal destinations to the
address of em1 while moving it to rtable 0:
.Bd -literal -offset indent
block in on rdomain 4 proto tcp to any port 80
match out on rdomain 4 to !$internal_net nat-to (em1) rtable 0
.Ed
.Sh SEE ALSO
.Xr ps 1 ,
.Xr route 4 ,
.Xr pf.conf 5 ,
.Xr ifconfig 8 ,
.Xr route 8
.Sh HISTORY
.Ox
support for
.\" XXX - rdomains, not 'rtable'
.\" .Nm
rdomains
first appeared in
.Ox 4.9
and IPv6 support first appeared in
.Ox 5.5 .
.Sh CAVEATS
When an rtable already exists, a new domain with the same ID cannot be created.
Since there is no command to destroy an rtable, a reboot is necessary.
.Pp
No tool is available to assign additional rtables to an rdomain
other than the default one (0).
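As an added example that is not part of rdomain(4) or the OpenBSD source tree, the following POSIX shell functions generate a hostname.if(5) fragment that makes the EXAMPLES configuration persistent across reboots. They assume that hostname.if accepts "rdomain N", "inet ADDR/PREFIX" and "!command" lines and that netstart(8) processes them top to bottom; the rdomain line is therefore emitted first, mirroring the order of the ifconfig commands in EXAMPLES, and the ID is rejected before anything is printed if it is not an integer within the 255 limit stated in DESCRIPTION. The function names and the -qn flags on the generated route command are choices made for this example.

```shell
#!/bin/sh
# Added example (not from rdomain(4)): build a hostname.if(5) body that
# places an interface into a routing domain and, optionally, adds a default
# route inside that domain.
# Assumptions: hostname.if accepts "rdomain N", "inet ADDR/PREFIX" and
# "!command" lines, applied in file order by netstart(8).

# valid_rtable_id ID
# Returns 0 when ID is a decimal integer in 0..255, 1 otherwise.
# The same limit applies to rdomain and rtable IDs per DESCRIPTION.
valid_rtable_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
    esac
    [ "$1" -le 255 ]
}

# gen_hostname_if IFACE RDOMAIN ADDR/PREFIX [GATEWAY]
# Prints the file body to stdout; it never writes to /etc itself, so the
# caller decides where the output goes.
gen_hostname_if() {
    iface=$1; rdom=$2; addr=$3; gw=$4
    if ! valid_rtable_id "$rdom"; then
        echo "gen_hostname_if: $iface: rdomain ID '$rdom' must be 0..255" >&2
        return 1
    fi
    # rdomain first, before any address, matching the ifconfig order
    # used in the EXAMPLES section.
    printf 'rdomain %s\n' "$rdom"
    printf 'inet %s\n' "$addr"
    # The default route must be added with -T so it lands in the new
    # domain's table rather than in rtable 0, where netstart runs.
    if [ -n "$gw" ]; then
        printf '!route -T%s -qn add default %s\n' "$rdom" "$gw"
    fi
}

# Demonstration with the addresses from EXAMPLES (documentation prefixes,
# not live hosts):
gen_hostname_if em0 4 192.0.2.100/24 192.0.2.1
gen_hostname_if lo4 4 127.0.0.1/8
```

Typical use is `gen_hostname_if em0 4 192.0.2.100/24 192.0.2.1 > /etc/hostname.em0` followed by `sh /etc/netstart em0`. Because an rtable that already exists blocks creation of an rdomain with the same ID (see CAVEATS), pick IDs for new domains that have not previously been used as bare rtables on the running system.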