> On Thu, Dec 23, 1999 at 11:31:43AM +0100, Florian Heinz wrote:
> > Andi Kleen wrote:
> > >
> > > adsmail@htl.de (Andreas Scherbaum) writes:
> > > >
> > > > Here's a tcpdump (sending a nameserver request to the second ip ...)
> > > > $ host 192.168.0.1 192.168.0.201
> > > >
> > > > # tcpdump -p -i eth1:
> > > > 18:13:59.988575 192.168.0.15.1128 > 192.168.0.201.domain: 34740+ (28)
> > > > 18:14:00.036535 192.168.0.15.1128 > 192.168.0.201.domain: 34741+ (28)
> > > >
> > > > # tcpdump -p -i eth0:
> > > > 18:14:09.514938 192.168.0.201.domain > 192.168.0.15.1128: 16413 1/3/3
> > > > (161)
> > > > 18:14:09.570556 192.168.0.201.domain > 192.168.0.15.1128: 16414 0/1/0
> > > > (81)
> > > >
> > > > Why is the kernel sending this packages trough the first interface and
> > > > how can i change it to using the right interface?
> > >
> > > Because the kernel does not know that the incoming packet and the outgoing
> > > packet are in any way related (UDP has no connection between packets, it
> > > is all in above layers if at all). The routing table doesn't say anything
> > > about it. So the only way to get the semantics you want is to change bind
> > > to receive the incoming interface with the IP_PKTINFO cmsg, look at the
> > > ipi_ifindex and set it for outgoing packets on the same conversation to the
> > > same interface.
> >
> > But why is this relevant for policy-routing? The kernel sees: the local
> > packet has source-ip e.g. 192.168.0.2, then he looks at the rules...
> > rules say sth like: "from 192.168.0.2 table 20", and table 20 says route
> > through eth2
> > or the source-ip is 192.168.0.3... rules say "from 192.168.0.3 table
> > 30", table 30 says route through eth3
>
> He was talking about locally generated packets. If the packets have
> different source addresses that is no problem of course. For forwarded
> packets they probably have. For locally generally packets when the
> application does not do an explicit bind(2) the kernel automagically choses
> an appropiate interface, which is usually the first that makes sense.
> Thus if you want to always answer on the same interface you would need
> multiple sockets, each bound to one interface using SO_BINDTODEVICE [if you
> have multiple ones with the same IP] or bind(2) [if they have at least
> different IPs]. Using IP_PKTINFO is a more lightweight alternative.
the applications (for now some quake2 servers) does an explicit bind(2).
And the UDP packages are generated with the right ip, only the outgoing
interface is wrong. If the source IP is known (at this time), why it isnt
used for routing trough the right interface?
ads
Andreas Scherbaum
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/