From: macach <macachuto@gmail.com>
To: Pascal Hambourg <pascal@plouf.fr.eu.org>
Cc: netfilter@vger.kernel.org
Subject: Re: Question: Why it is not possible to mark packet BEFORE first "route selection" in OUTPUT chain
Date: Sun, 25 Oct 2015 21:20:48 +0300
Message-ID: <562D1D80.60205@gmail.com>
In-Reply-To: <562CFF2D.9030201@plouf.fr.eu.org>

On 10/25/2015 07:11 PM, Pascal Hambourg wrote:
> macach wrote:
>>
>> Why is it not possible to mark a packet BEFORE "route selection" in the OUTPUT chain?
>
> Because when the initial route selection happens, the packet does not
> exist yet. It is in the process of being created. The reason why route
> selection takes place during the packet creation is that its result
> influences packet features such as the source address, TOS...
>

Thank you for your answer.

I understand that it is necessary to put "something" into the packet header.
But why should it be one of the many interface IPs, which may be changed later?
In this case, without a default route, the packet will never leave "route selection"; this is completely irrational = just to put something and change it later.
If packet transformation doesn't finish at this point, why apply routing and the interface source IP?
Why not use the local host IP = 127.0.0.1? Inside of output, the packet belongs to the local host anyway.

Then apply mangle (if any) and other modifications (if any), then finally select the appropriate route.
And the routing decision should be the last action, because I think the router is just a packet dispatcher.

Also I forgot to ask: why doesn't the second "route selection" change the source IP?
For example, in a multi-routing table setup, when the decision is made by port or destination.
It is necessary to add another operation to modify the source IP according to the interface: -t nat POSTROUTING ... -j SNAT ...


Thank you in advance.
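
The ordering discussed in this thread, as a simplified Python model added here as an example (it is not code from either poster or from the kernel). Addresses, interface names, marks and table names are constructed, and the model assumes one default route per table.

```python
# Simplified model of the Linux output path for locally generated IPv4 packets.
# All addresses, interface names, marks and table names are constructed.

# Each table holds one default route: (outgoing interface, preferred source).
TABLES = {
    "main": ("eth0", "192.0.2.10"),
    "alt": ("eth1", "198.51.100.10"),
}
RULES = {0: "main", 2: "alt"}  # like: ip rule add fwmark 2 table alt


def route_lookup(mark, tables=TABLES, rules=RULES):
    """Return (interface, preferred source) for a mark, or None if unreachable."""
    return tables.get(rules.get(mark))


def send(dport, mangle_output, snat=None, tables=TABLES):
    """Walk one packet through the output path; return its final state or an error."""
    # 1. Initial route selection: the packet does not exist yet, so there is
    #    no mark to match (mark 0). The result supplies the source address.
    first = route_lookup(0, tables)
    if first is None:
        return {"error": "ENETUNREACH"}  # fails before any OUTPUT rule runs
    pkt = {"dport": dport, "mark": 0, "oif": first[0], "src": first[1]}
    # 2. mangle OUTPUT can now see the packet and set a mark.
    pkt["mark"] = mangle_output(pkt)
    # 3. Second route selection, only if the mark changed. It picks a new
    #    interface but leaves the source address already in the header alone.
    if pkt["mark"] != 0:
        second = route_lookup(pkt["mark"], tables)
        if second is None:
            return {"error": "ENETUNREACH"}
        pkt["oif"] = second[0]
    # 4. nat POSTROUTING: SNAT rewrites the source per outgoing interface.
    if snat and pkt["oif"] in snat:
        pkt["src"] = snat[pkt["oif"]]
    return pkt


def mark_https(pkt):
    """Constructed rule, like: -t mangle -A OUTPUT -p tcp --dport 443 -j MARK --set-mark 2"""
    return 2 if pkt["dport"] == 443 else 0
```

Calling `send(443, mark_https)` shows the rerouted packet leaving `eth1` with the `eth0` address still as its source, which is the case the SNAT rule in the question corrects.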
