From: Patrick McHardy <kaber@trash.net>
To: Patrick Schaaf <bof@bof.de>
Cc: Leen Besselink <leen@wirehub.nl>, netfilter-devel@lists.netfilter.org
Subject: Re: Bug (?) in ipt_reject doesn't follow policy routing (2.4.x)
Date: Mon, 14 Apr 2003 10:49:07 +0200
Message-ID: <3E9A7603.6030607@trash.net>
In-Reply-To: <20030414075933.GJ18520@oknodo.bof.de>

Patrick Schaaf wrote:
>Maybe, if you can answer these questions, we'll be able to understand
>your problem. Maybe somebody can do that even without those answers,
>but the silence you received up to now indicates that's unlikely.
>
>
May I? ;)

Without being specific to his setup, the problem he describes is
that ipt_REJECT (and others) always choose lsrc to be 0 if it's
non-local for the routing decision. I'll just make a simple example:

Routing Rules (incomplete):
1000: from 10.0.0.0/8 lookup abc
32766: from all lookup main

Routing tables (incomplete):
abc: default via 192.168.0.1 dev eth0
main: default via 172.20.0.1 dev eth1

So all packets except those with src=10.0.0.0/8 should go through
172.20.0.1.

When ipt_REJECT sends a reject for any non-local address in 10.0.0.0/8 it
chooses lsrc=0 for the routing lookup, so it ends up with default route of
table main instead of table abc.

I wonder why ip_route_input isn't used, this should eliminate the need for
using different information from what is contained in the actual packet for
the routing lookup ..

Bye,
Patrick
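
Added example (not part of the original message and not kernel code): a
simplified C model of the policy-rule walk, using the rules and tables from
the message above, showing which table a lookup selects with the real source
versus source 0. Assumptions: only the "from" selector is modelled, and
10.1.2.3 is a constructed sample address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model: one policy rule plus the default route of its table.
 * Real rules also match destination, TOS, input interface and fwmark. */
struct rule {
    unsigned prio;
    uint32_t src, srcmask;      /* "from" selector, host byte order */
    const char *table, *gw, *dev;
};

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Rules and default routes from the message, in priority order. */
static const struct rule rules[] = {
    { 1000,  IP(10, 0, 0, 0), IP(255, 0, 0, 0), "abc",  "192.168.0.1", "eth0" },
    { 32766, 0,               0,                "main", "172.20.0.1",  "eth1" },
};

/* Walk the rules in priority order; the first matching "from" wins. */
static const struct rule *rule_lookup(uint32_t saddr)
{
    for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if (((saddr ^ rules[i].src) & rules[i].srcmask) == 0)
            return &rules[i];
    return NULL;
}

static void show(const char *label, uint32_t saddr)
{
    const struct rule *r = rule_lookup(saddr);
    printf("%-22s -> table %-4s via %s dev %s\n",
           label, r->table, r->gw, r->dev);
}

int main(void)
{
    /* Constructed sample: the reject carries a non-local 10/8 source. */
    show("saddr=10.1.2.3", IP(10, 1, 2, 3));
    /* Source zeroed before the lookup, as described in the message. */
    show("saddr=0 (lsrc=0)", 0);
    return 0;
}
```

The lookup with source 0 cannot match the "from 10.0.0.0/8" rule, so it falls
through to table main even though the packet itself carries a 10/8 source.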