From: "Martin A. Brown"
Date: Fri, 18 Jul 2003 18:46:48 +0000
Subject: Re: [LARTC] OUTPUT chain marking after or before routing?
To: lartc@vger.kernel.org

Charles,

 : can you comment why this is --
 :
 : ip rule to xxx.xxx.xxx.xxx table n
 :
 : works, and
 :
 : iptables fwmark y table n
 :
 : doesn't? is it because OUTPUT checked the rule while the packet was
 : "generated" locally, but not after it was marked?

I can certainly make such a comment.

The RPDB is consulted for every *new* route lookup. Any
source/dest,(tos/fwmark/iif) tuple which is not in the route cache will be
looked up. The lookup process checks the RPDB and any routing tables
specified by the RPDB.

This all happens before the OUTPUT chain for locally generated packets.
So, locally generated packets marked in the OUTPUT chain have already been
routed.

As I mentioned before, I will defer to those who know the kernel code
better, but my understanding is exactly in line with the KPTD [1]. I have
also written in more detail on the route selection process [2].

Best,

-Martin

 [1] http://www.docum.org/stef.coene/qos/kptd/
 [2] http://linux-ip.net/html/routing-selection.html

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com