public inbox for lartc@vger.kernel.org
* Policy routing and ICMP MTU message
From: yb @ 2022-02-07  1:58 UTC (permalink / raw)
  To: lartc

I have a Linux server which forwards packets from/to a tun device for a
specific private IP address A0, but with a different routing table than
the default one, i.e.:

    ip route add A0 dev tun-device
    ip rule add from A0 lookup something-else

If using the default routing table, this server would use A1 as its
source address; on the other hand, with the special routing table,
it would use A2 as its source address.

Now, if a packet for A0 from A3 arrives but is too large to fit the MTU
of the tun device, an ICMP message from A1 to A3 that says something
like "A0 is unreachable, MTU X is exceeded" is sent with the default
routing table. The problem is, of course, that A0 is only meaningful within
the network connected with the special routing table; the network connected
with the default routing table knows nothing about A0, and this ICMP
message is thus useless.

What I wanna achieve is to send this ICMP message with the same content,
but from A2 to A3 (instead of A1 to A3), and with the special routing
table (instead of the default one).

Is this possible? Or, are there better ways to handle this kind of
situation?


* Re: Policy routing and ICMP MTU message
From: Grant Taylor @ 2022-02-07 17:29 UTC (permalink / raw)
  To: lartc


On 2/6/22 6:58 PM, yb@rslinux.fun wrote:
> Is this possible? Or, are there better ways to handle this kind 
> of situation?

I'd have to spend some more time thinking about this and probably some 
testing to figure out exactly how to do this.

That being said, I would *EXPECT* that it's possible to do what you want 
to through a combination of judicious use of ip rules and / or 
connection marking via iptables to choose the routing table.

I would also need to draw out a network diagram to make sure that I was 
thinking about things appropriately as it seems like the system that 
you're doing the rules on may be functioning as an intermediate router 
and not an end system.



-- 
Grant. . . .
unix || die

