Re: Kernel Routing sequence

From: Al Boldi
Date: Sat Aug 13 2005 - 12:06:18 EST


Martijn van Oosterhout wrote:
> > > Al Boldi wrote:
> > > >Now:
> > > >Host receives ping from 10.0.1.2/8 on 10.0.0.0/8 eth0
> > > >Host replies to 10.0.1.2 using route 10.0.1.0/24 eth1.
> > > >
> > > >Host should have replied to 10.0.1.2 using route 10.0.0.0/8
> > > > eth0!
> >
> > Also, the idea to default route a packet by matching it to the
> > most bits and dropping the fact it came in on a different
> > network/dev is strange!
>
> Nope, the ping reply is a brand new packet and will go out of
> whatever interface is decided for that destination. There's no
> reason for it go out the same interface as the packet it's
> responding to.

Syn request/replies behave in the same manner, as do ESTABLISHED
connections. Try telnet.

> The question is why a packet from 10.0.1.2 came in on eth0,
> shouldn't it have come in on eth1?

10.0.1.2/8 is part of the 10.0.0.0/8 network.

> You have a serious case of
> asymmetric routing going on here. If a TCP connection from 10.0.1.2
> comes in on eth0, the replies to that are also going to go out eth1.

This is means the Kernel is rerouting packets!

The default should be not to reroute, but honor the original route!

Is there a way to instruct the Kernel to disable this rerouting
behaviour?

--
Al
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html