From: Thomas Themel <themel@iwoars.net>
To: netdev@oss.sgi.com
Subject: Source addresses of rerouted packets
Date: Tue, 28 Oct 2003 22:56:00 +0100
Message-ID: <20031028215600.GE15501@iwoars.net>

Hi,

I've recently tried to do policy routing of locally generated traffic
based on a netfilter fwmark. This works, in a way, but doesn't achieve
the result I want. I want to route locally originating connections
differently based on their fwmark, but the packets always end up with
the wrong source address (that of the interface they would go out on if
they hadn't been marked).

After seeing this both with 2.4.20 and 2.6.0-test9, I've had a quick
look at the routing code, and what I believe is happening is:

- the new socket doesn't yet have a source address
- the SYN packet is queued and routed, thus the socket gets a source address
- the SYN packet is caught by the netfilter rule and marked
- the SYN packet is rerouted, but at that point, it/its socket already
  has the source address of the original route and doesn't get the
  address of the different route it is now sent on.

Is this behaviour intended? Following the principle of least surprise, I
would expect a locally generated packet to get the source address of the
last route it traverses.

ciao,
--
[*Thomas Themel*] 'To a hardcore geek, "Open" and "Source" are like
[extended contact] the nipples on the breasts of Jennifer Love Hewitt.'
[info provided in] - Mr. Cranky reviewing "Antitrust"
[*message header*] <URL:http://www.mrcranky.com/movies/antitrust.html>
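
The sequence described in the message above, as a small Python model. This is an added example, not code from the original message or from the kernel; the routing tables, addresses, mark value, port-25 marking rule and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    prefix: str   # destination prefix
    dev: str      # output interface
    src: str      # preferred source address on that interface

# Constructed sample tables: "main" is the default, table 100 is selected by fwmark 1.
TABLES = {
    "main": [Route("0.0.0.0/0", "eth0", "192.0.2.10")],
    100: [Route("0.0.0.0/0", "eth1", "198.51.100.10")],
}
RULES = [(1, 100)]  # (fwmark, table), modelled on "ip rule add fwmark 1 table 100"

def lookup(dst, fwmark=0):
    """Policy lookup: tables selected by the fwmark first, then main; longest prefix wins."""
    tables = [t for m, t in RULES if m == fwmark] + ["main"]
    addr = ipaddress.ip_address(dst)
    for table in tables:
        hits = [r for r in TABLES[table] if addr in ipaddress.ip_network(r.prefix)]
        if hits:
            return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)
    raise LookupError(f"no route to {dst}")

def mangle_output(pkt):
    """Stand-in for the netfilter rule (assumed here: mark traffic to TCP port 25)."""
    if pkt["dport"] == 25:
        pkt["fwmark"] = 1

def send_syn(dst, dport):
    """Return (source address on the wire, output device, source the final route prefers)."""
    # 1. The unbound socket takes its source address from the first route lookup,
    #    which happens before the packet carries any mark.
    first = lookup(dst)
    pkt = {"saddr": first.src, "daddr": dst, "dport": dport, "fwmark": 0}
    # 2. The netfilter rule marks the packet.
    mangle_output(pkt)
    # 3. The packet is routed again with its mark; only the output device changes,
    #    the source address chosen in step 1 is kept.
    final = lookup(dst, pkt["fwmark"])
    return pkt["saddr"], final.dev, final.src

if __name__ == "__main__":
    print(send_syn("203.0.113.5", 25))  # marked: leaves on eth1 with eth0's address
    print(send_syn("203.0.113.5", 80))  # unmarked: device and source agree
```

For the marked connection the first and third fields differ, which is the mismatch the message reports.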