Re: Kernel Routing sequence

From: Martijn van Oosterhout
Date: Sat Aug 13 2005 - 13:45:03 EST


On Sat, Aug 13, 2005 at 08:00:59PM +0300, Al Boldi wrote:
> Martijn van Oosterhout wrote:
> > Nope, the ping reply is a brand new packet and will go out of
> > whatever interface is decided for that destination. There's no
> > reason for it go out the same interface as the packet it's
> > responding to.
>
> Syn request/replies behave in the same manner, as do ESTABLISHED
> connections. Try telnet.

I'm afraid you're wrong. What interface the packet came from is
irrelevent to where the reply goes. The routing table uses destination
IP only. If you want to prove otherwise, show us the tcpdump output.

> 10.0.1.2/8 is part of the 10.0.0.0/8 network.

No, it's part of the 10.0.1.0/24 network, since that's the more
specific route.

> This is means the Kernel is rerouting packets!
>
> The default should be not to reroute, but honor the original route!
>
> Is there a way to instruct the Kernel to disable this rerouting
> behaviour?

The kernel isn't rerouting anything, it's following the routes you
setup. Any other O/S would do the same. Search the web as to how
routing tables work.

Have a nice day,
--
Martijn van Oosterhout <kleptog@xxxxxxxxx> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.

Attachment: pgp00000.pgp
Description: PGP signature