From: Julian Anastasov <ja@ssi.bg>
To: lartc@vger.kernel.org
Subject: [LARTC] Re: iptables diagram (ex: ipchains + mark in output chain ?)
Date: Tue, 18 Jun 2002 10:34:01 +0000
Message-ID: <marc-lartc-102439647716068@msgid-missing>


	Hello,

On Tue, 18 Jun 2002, Ciprian Niculescu wrote:

> so you say that there are 3 routing decisions:
> - after nat prerouting
> - after local_process, and before mangle output
> - before nat postrouting

	Basically, there are 2 routing decisions, for the others
I like the name rerouting:

1. Input Routing: after prerouting, kernel performs source
validation and nexthop decision, result: local_deliver/forwarding

2. Output Routing: local_process selects source address, creates
connected route or selects route for each packet. The resolved
route is attached to the packet and is used later. The Netfilter's
LOCAL_OUT chain detects complete packet which is obviously loaded with
some addresses. Which ones do you think if routing _decision_ is
not performed? :)

3. Output Rerouting: netfilter at LOCAL_OUT changes the already
selected output route if any of the routing keys are changed:
addresses, tos, nfmark, etc. The intention is the packet to change
its attached route and probably to go in another direction.
The connected sockets do not notice this change, they remain
connected to the initial route.

> what is the use of the routing decision after local process???

see 2.

	Note also that after FORWARD there is no routing
decision :)))

	I'll not iterate this issue anymore. We already disturb
the LARTC subscribers :)

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
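
The output rerouting in point 3 of the message above, shown as an added example that is not part of the original mail: a mark set in mangle OUTPUT changes a routing key, so the route attached during output routing is replaced by a policy-routing lookup. The mark value, table number, gateway, interface and port are constructed, and the MASQUERADE rule is an added step that follows from the source address having been chosen in point 2.

```shell
#!/bin/sh
# Added example: dry-run by default; set APPLY=1 (as root) to execute.
# All values below are constructed for illustration.
MARK=1            # nfmark value set in mangle OUTPUT
TABLE=100         # alternate routing table number
ALT_GW=192.0.2.1  # constructed gateway (TEST-NET-1 address)
ALT_DEV=eth1      # assumed second uplink interface

# Print each command unless APPLY=1, so the plan can be reviewed first.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

setup_reroute() {
    # LOCAL_OUT runs after output routing (point 2): the packet already
    # carries a route and a source address when this rule marks it.
    run iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark "$MARK"
    # nfmark is a routing key, so the changed mark triggers rerouting
    # (point 3); this rule sends marked packets to the alternate table.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$ALT_GW" dev "$ALT_DEV" table "$TABLE"
    # The socket stays bound to the initial route and source address,
    # so rewrite the source to one valid on the new output interface.
    run iptables -t nat -A POSTROUTING -o "$ALT_DEV" -m mark --mark "$MARK" -j MASQUERADE
}

teardown_reroute() {
    # Remove the rules in reverse order of creation.
    run iptables -t nat -D POSTROUTING -o "$ALT_DEV" -m mark --mark "$MARK" -j MASQUERADE
    run ip route del default via "$ALT_GW" dev "$ALT_DEV" table "$TABLE"
    run ip rule del fwmark "$MARK" table "$TABLE"
    run iptables -t mangle -D OUTPUT -p tcp --dport 25 -j MARK --set-mark "$MARK"
}

setup_reroute
```

After applying, `ip route get` with a `mark` argument shows which route a marked packet would take.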
