From: David Ahern <dsa@cumulusnetworks.com>
To: Tom Herbert <tom@herbertland.com>
Cc: Linux Kernel Network Developers <netdev@vger.kernel.org>
Subject: Re: [PATCH 2/2 v2] net: Remove VRF change to udp_sendmsg
Date: Wed, 9 Sep 2015 19:10:04 -0600
Message-ID: <55F0D86C.90903@cumulusnetworks.com>
In-Reply-To: <CALx6S35Fwu5QsR-W=0LVzvZv_PGqbV3TGR9T5YRU65QCY0OgzQ@mail.gmail.com>
On 9/9/15 6:51 PM, Tom Herbert wrote:
> It is NAT since you are changing the source address and modifying the
> transport protocol checksum below IP and transport layer. There are a
> bunch of side effects that you would need to consider. This is
> creating custom APIs changing the semantics of address selection, and
> also creates inconsistency between how addresses may be selected
> between connected and unconnected sockets. Consider that
> ip_local_out_sk calls netfilter NF_INET_LOCAL_OUT hook before
> dst->output, so then netfilter would start seeing packets with zero
> source address???
understood.
>
> A lot of design in the stack is predicated on inet_select_addr
> returning the source address to use for sending a packet. This should
> always return a reasonable address as an invariant, if someone wishes
> to rewrite addresses at a lower layer that's fine, but that should be
> defined as a NAT operation. If a device wants to weigh in on address
> selection then we can define an ndo function for that as I mentioned
> before.
I am floating an idea internally that re-implements how VRF impacts the
stack. It's 4.4 material and essentially adds dev_xxxx() / ndo functions
for the intrusions. With net-next closed no sense throwing them out yet
and Nikolay always has good comments on my wild ass ideas.
David