RTA_SRC doesn't work?

RTA_SRC doesn't work?

[Juliusz Chroboczek]

Dear all,

We're trying to get RTA_SRC to work, and failing, both in IPv4 and
IPv6.  (We tried with Debian's kernels 3.2 and 3.8).  There are good
reasons why we want to avoid using multiple routing tables, so we'd
really like it to work, at least for v6.

In v4, RTA_SRC appears to be completely ignored:

  $ sudo ip route add default from 172.23.36.54/32 dev eth0
  RTNETLINK answers: File exists
  $

In v6, RTA_SRC appears to be passed to the kernel, but these routes
appear to be unused by the kernel:

  $ sudo ip -6 addr add fd51:92c5:dd08:0::1 dev eth0
  $ sudo ip -6 route add default from fd51:92c5:dd08::/48 dev eth0 via fe80::ea11:32ff:fecf:2dc2
  $ ip -6 route show default
  default from fd51:92c5:dd08::/48 via fe80::ea11:32ff:fecf:2dc2 dev eth0  metric 1024 
  $ telnet 2a00:1450:4007:809::1014
  Trying 2a00:1450:4007:809::1014...
  telnet: Unable to connect to remote host: Network is unreachable

Has anyone been able to make this work?  Any help?

-- Juliusz

Re: RTA_SRC doesn't work?

[David Miller]

From: Juliusz Chroboczek <jch@pps.jussieu.fr>
Date: Thu, 02 May 2013 20:31:59 +0200

> In v4, RTA_SRC appears to be completely ignored:
> 
>   $ sudo ip route add default from 172.23.36.54/32 dev eth0
>   RTNETLINK answers: File exists
>   $

Do you already have a default route on eth0 when you run this?

Re: RTA_SRC doesn't work?

[Juliusz Chroboczek]

> >   $ sudo ip route add default from 172.23.36.54/32 dev eth0
> >   RTNETLINK answers: File exists
> >   $

> Do you already have a default route on eth0 when you run this?

Yes, one that is not source-specific.

-- Juliusz

Re: RTA_SRC doesn't work?

[David Miller]

From: Juliusz Chroboczek <jch@pps.jussieu.fr>
Date: Thu, 02 May 2013 21:58:55 +0200

>> >   $ sudo ip route add default from 172.23.36.54/32 dev eth0
>> >   RTNETLINK answers: File exists
>> >   $
> 
>> Do you already have a default route on eth0 when you run this?
> 
> Yes, one that is not source-specific.

Doesn't matter, you can't have multiple routes with the same lookup
keys.

Re: RTA_SRC doesn't work?

[Juliusz Chroboczek]

> >> Do you already have a default route on eth0 when you run this?

> > Yes, one that is not source-specific.

> Doesn't matter, you can't have multiple routes with the same lookup
> keys.

Perhaps I'm confused, then.  Isn't the lookup key the pair (dst, src)?
Or do I not understand the semantics of RTA_SRC?

-- Juliusz

Re: RTA_SRC doesn't work?

[David Miller]

From: Juliusz Chroboczek <jch@pps.jussieu.fr>
Date: Thu, 02 May 2013 22:42:59 +0200

>> >> Do you already have a default route on eth0 when you run this?
> 
>> > Yes, one that is not source-specific.
> 
>> Doesn't matter, you can't have multiple routes with the same lookup
>> keys.
> 
> Perhaps I'm confused, then.  Isn't the lookup key the pair (dst, src)?
> Or do I not understand the semantics of RTA_SRC?

You're specifying on that command line the source address to use on
outgoing frames generated by the host.

Re: RTA_SRC doesn't work?

[Juliusz Chroboczek]

> > Perhaps I'm confused, then.  Isn't the lookup key the pair (dst, src)?
> > Or do I not understand the semantics of RTA_SRC?

> You're specifying on that command line the source address to use on
> outgoing frames generated by the host.

So it looks like I'm confused -- I was under the impression that's
what RTA_PREFSRC is for.  So is there a way to have a routing table
entry that matches on both the source and destination addresses of an
IP packet without setting up multiple routing tables and rules?

-- Juliusz

Re: RTA_SRC doesn't work?

[Juliusz Chroboczek]

> > Perhaps I'm confused, then.  Isn't the lookup key the pair (dst, src)?
> > Or do I not understand the semantics of RTA_SRC?

> You're specifying on that command line the source address to use on
> outgoing frames generated by the host.

So it looks like I'm confused -- I was under the impression that's
what RTA_PREFSRC is for.  So is there a way to have a routing table
entry that matches on both the source and destination addresses of an
IP packet without setting up multiple routing tables and rules?

-- Juliusz

Re: RTA_SRC doesn't work?

[David Miller]

Actually, you're right, RTA_SRC is for source based routing.

But you can only do source based routing using FIB rules, the
normal routing tables (which are hung off of the rules) do not
have source keys in them.  They are keyed only by destination
address.

Only the FIB rules support source address keying.

So you will need to use multiple routing table to route by source
address.

Re: RTA_SRC doesn't work?

[Juliusz Chroboczek]

> But you can only do source based routing using FIB rules, the
> normal routing tables (which are hung off of the rules) do not
> have source keys in them.  They are keyed only by destination
> address.
> 
> Only the FIB rules support source address keying.
> 
> So you will need to use multiple routing table to route by source
> address.

Ok, that explains the IPv4 behaviour.  But what about v6?  The
following bit of ipv6/Kconfig would seem to imply that I can avoid
generating rules dynamically as new source prefixes appear:

  config IPV6_SUBTREES
          bool "IPv6: source address based routing"
          depends on IPV6_MULTIPLE_TABLES
          ---help---
            Enable routing by source address or prefix.

            The destination address is still the primary routing key, so mixing
            normal and source prefix specific routes in the same routing table
            may sometimes lead to unintended routing behavior.  This can be
            avoided by defining different routing tables for the normal and
            source prefix specific routes.

Thanks again,

-- Juliusz