From: Andreas Herz
Subject: Re: function for getting the source ip defined in the routing table
Date: Thu, 22 May 2014 12:31:48 +0200
Message-ID: <20140522103148.GA10939@kvmbude>
References: <20140520124634.GM10939@kvmbude> <20140520141828.GO10939@kvmbude> <20140521083643.GU10939@kvmbude> <20140522091129.GZ10939@kvmbude>
To: Patrick Schaaf
Cc: netfilter-devel@vger.kernel.org, Maciej Żenczykowski

On 22/05/14 at 11:41, Patrick Schaaf wrote:
> On 22.05.2014 at 11:15, "Andreas Herz" wrote:
> >
> > I will try your hint to use ip_route_output_key twice.
>
> A second call with input src set to 0 will match a _different_ set of
> rules, so that will probably not work.

That's correct, the wrong rule will match again and the same issue with
calling it without src ip in the first place.

> > Although i still wonder why my requirement is so special :)
>
> Combining MASQUERADE with policy routing is probably a bit rare :)

Is it? We have several scenarios in which we have more IPs on one
interface and different routes and want to specify the source IP.
Especially in cluster scenarios.

> You could work around with a set of rules using SNAT while matching
> outgoing interface and source/destination IPs - basically duplicating your
> extra routing table in the nat POSTROUTING chains. But that is certainly a
> pain to maintain...

That's the reason why we ported MASQUERADE from 2.6.9 to the newer
kernels to keep it to fewer rules. Since rt->src got removed I wanted to
find a way to update the module, but for now it looks like I have to
patch the kernel itself :/

Thanks so far.

-- 
Andreas Herz
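The SNAT workaround quoted above (duplicating the extra routing table in the nat POSTROUTING chain), sketched as an added example that is not code from this thread or from the kernel: it turns the `src` hints of one routing table into `iptables` SNAT commands. The table number, interface names and addresses are constructed, and the `ip rule` selector that sends traffic to that table is not modelled.

```python
import ipaddress
import shlex

# Constructed sample of `ip route show table 100` output (documentation address ranges).
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0 src 192.0.2.10
198.51.100.0/24 via 192.0.2.2 dev eth0 src 192.0.2.20
203.0.113.0/24 dev eth1 scope link
203.0.113.128/25 dev eth1 src 203.0.113.5
unreachable 10.0.0.0/8
"""

def parse_route(line):
    """Return (network, dev, src) for a route with a dev and a src hint, else None."""
    tokens = line.split()

    def attr(key):
        # Value following a keyword such as "dev" or "src", if present.
        return tokens[tokens.index(key) + 1] if key in tokens[1:-1] else None

    dev, src = attr("dev"), attr("src")
    if dev is None or src is None:
        return None
    dest = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
    # ipaddress raises ValueError on anything that is not a valid IPv4 value.
    return ipaddress.IPv4Network(dest), dev, ipaddress.IPv4Address(src)

def snat_rules(route_text):
    """Build iptables commands mirroring the src hints; also return routes without one."""
    routes, skipped = [], []
    for line in filter(None, map(str.strip, route_text.splitlines())):
        parsed = parse_route(line)
        if parsed:
            routes.append(parsed)
        else:
            skipped.append(line)
    # Routing picks the longest prefix, iptables the first match: most specific first.
    routes.sort(key=lambda r: r[0].prefixlen, reverse=True)
    rules = []
    for net, dev, src in routes:
        dst = [] if net.prefixlen == 0 else ["-d", str(net)]
        # shlex.join quotes every argument, so an odd interface name cannot inject shell syntax.
        rules.append(shlex.join(["iptables", "-t", "nat", "-A", "POSTROUTING",
                                 "-o", dev, *dst, "-j", "SNAT", "--to-source", str(src)]))
    return rules, skipped

if __name__ == "__main__":
    rules, skipped = snat_rules(SAMPLE_ROUTES)
    print("\n".join(rules))
    print("# no src hint, review by hand:", skipped)
```

Routes returned in the second list carry no `src` hint and get no rule; a broader SNAT rule on the same interface would also match their traffic, so they need a manual decision before the generated rules are loaded.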