Re: Kernel Routing sequence

From: Martijn van Oosterhout
Date: Sat Aug 13 2005 - 07:50:14 EST


On Sat, Aug 13, 2005 at 08:00:31AM +0300, Al Boldi wrote:
> Ronny wrote:
> > Al Boldi wrote:
> > >Now:
> > >Host receives ping from 10.0.1.2/8 on 10.0.0.0/8 eth0
> > >Host replies to 10.0.1.2 using route 10.0.1.0/24 eth1.
> > >
> > >Host should have replied to 10.0.1.2 using route 10.0.0.0/8 eth0!
>
> Also, the idea to default route a packet by matching it to the most
> bits and dropping the fact it came in on a different network/dev is
> strange!

Nope, the ping reply is a brand new packet and will go out of whatever
interface is decided for that destination. There's no reason for it to go
out the same interface as the packet it's responding to.

The question is why a packet from 10.0.1.2 came in on eth0, shouldn't
it have come in on eth1? You have a serious case of asymmetric routing
going on here. If a TCP connection from 10.0.1.2 comes in on eth0, the
replies to that are also going to go out eth1.

Unless you set up rules to do otherwise, the *source* of the packet is
irrelevant for routing, as is what it's replying to, only the
*destination* matters.

Hope this helps,
--
Martijn van Oosterhout <kleptog@xxxxxxxxx> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.
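
The destination-only lookup described in this message, as an added example that is not part of the original post or of the kernel's code. The two-route table is constructed from the addresses in the thread, and the function names (lookup, reply_device, is_asymmetric) are hypothetical.

```python
import ipaddress

# Constructed routing table matching the thread: (prefix, outgoing device).
ROUTES = [
    (ipaddress.ip_network("10.0.0.0/8"), "eth0"),
    (ipaddress.ip_network("10.0.1.0/24"), "eth1"),
]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match on the destination only.

    Returns (network, device), or None when no route covers dst.
    The ingress device and the source address are never consulted.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


def reply_device(request_src, routes=ROUTES):
    """Device a reply leaves on: the reply is a new packet whose
    destination is the source address of the request."""
    hit = lookup(request_src, routes)
    return hit[1] if hit else None


def is_asymmetric(src, in_dev, routes=ROUTES):
    """True when a packet arrived on a device other than the one this
    table would use to reach its source (also True when there is no
    route back at all). This is the same comparison a strict
    reverse-path filter (rp_filter=1 on Linux) makes."""
    return reply_device(src, routes) != in_dev


if __name__ == "__main__":
    # The ping from the thread: source 10.0.1.2, received on eth0.
    print("reply leaves on:", reply_device("10.0.1.2"))
    print("asymmetric path:", is_asymmetric("10.0.1.2", "eth0"))
```
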
