Re: Kernel Routing sequence

From: Al Boldi
Date: Sat Aug 13 2005 - 23:14:42 EST


Greetings,
Martijn van Oosterhout wrote:
> On Sat, Aug 13, 2005 at 08:00:59PM +0300, Al Boldi wrote:
> > Martijn van Oosterhout wrote:
> > > Nope, the ping reply is a brand new packet and will go out of
> > > whatever interface is decided for that destination. There's no
> > > reason for it go out the same interface as the packet it's
> > > responding to.
> >
> > Syn request/replies behave in the same manner, as do ESTABLISHED
> > connections. Try telnet.
>
> I'm afraid you're wrong. What interface the packet came from is
> irrelevent to where the reply goes. The routing table uses
> destination IP only. If you want to prove otherwise, show us the
> tcpdump output.

I agree! And this is the problem; it should be smarter than just
blindly follow the routing table.

> > 10.0.1.2/8 is part of the 10.0.0.0/8 network.
>
> No, it's part of the 10.0.1.0/24 network, since that's the more
> specific route.

It's part of 10.0.0.0/8 because it came in on eth0.

> > This means the Kernel is rerouting packets!
> >
> > The default should be not to reroute, but honor the original
> > route!
> >
> > Is there a way to instruct the Kernel to disable this rerouting
> > behaviour?
>
> The kernel isn't rerouting anything,

You are right! The Kernel is not actively rerouting, but it is
rerouting passively by blindly following the route table.

It should actively prefer the original route.

> it's following the routes you setup.

The Kernel sets them up by default.

> Any other O/S would do the same. Search the web as to how
> routing tables work.

Just because others do it the same way doesn't make it right.

This is Linux, it should not blindly follow but rather breakingly
lead!

Your friend,
Al

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html