From owner-freebsd-net@FreeBSD.ORG Fri Nov 16 11:10:54 2007
Date: Fri, 16 Nov 2007 11:10:45 +0000
From: "Bruce M. Simpson"
To: Brian Hawk
Cc: freebsd-net@freebsd.org, Dima Dorfman
Subject: Re: Interface address sourced packets go thru default gateway on another interface
Message-ID: <473D7AB5.1040403@FreeBSD.org>
In-Reply-To: <473D3258.9040203@tnetus.com>
References: <473C5593.4080407@tnetus.com> <20071116001429.GE1499@beaver.trit.net> <473D3258.9040203@tnetus.com>
List-Id: Networking and TCP/IP with FreeBSD

Brian Hawk wrote:
> Then what would be the reason to bind a connection to a specific
> source address? We do
>
> ping -S A.B.C.D x.y.z.t
>
> to make ping send packets to x.y.z.t over A.B.C.D's interface (and
> source address) or
>
> telnet -s A.B.C.D x.y.z.t
>
> I believe binding an IP's source address to an interface address
> (instead of INADDR_ANY) is to make packets go out from *that*
> interface, not the default gw.

Nope, this has never been the case. Binding a socket to an address does just that -- it does NOT bind a socket to an interface.

The source address during an accept() or bind() is chosen based on the address provided to the bind() call, or the address from which the SYN originated which your code is accept()-ing; the kernel will then choose the address 'nearest' to the node which sent the SYN for further communication, by doing a route lookup.

During ip_output() the actual interface pointer lookup will take place based on the destination address. Then and only then is the actual interface selected.
This is a set of behaviours which will have to change in netinet in order to support stuff like bind-to-interface, scoped addresses and the 169.254.0.0/16 link-local block correctly -- we SHOULD be looking at the address to which the socket is bound before doing anything (compare with Linux's SO_BINDTODEVICE option, which causes layer pollution and I would suggest should NOT be implemented in the same way in FreeBSD).

As other contributors have suggested, if you really need source routing, use pf or similar for that. I believe ipf also supports route-to on the outbound.

cheers,
BMS
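The pf approach BMS recommends, written out as an added example that is not part of the thread and not FreeBSD project code. It assumes two uplinks named em0 (holding the default route) and em1, with next hops 192.0.2.1 and 198.51.100.1; all of those names and addresses are placeholders. Because the kernel picks the outbound interface from the destination (as described above), a packet sent with ping -S or telnet -s using em1's address still reaches pf on em0 outbound; the route-to rule there overrides that decision and hands the packet to em1's gateway instead, while the bound source address is left untouched.

```pf
# Interfaces and next hops (assumed names and addresses, illustrative only)
ext_if1 = "em0"            # carries the default route
ext_if2 = "em1"            # second uplink; packets sourced from its
gw1     = "192.0.2.1"      #   address would otherwise leave via $ext_if1
gw2     = "198.51.100.1"

set skip on lo0

# Anything about to leave via the default-route interface that carries
# $ext_if2's address as its source is handed to $gw2 on $ext_if2 instead.
# ($ext_if2) in parentheses tracks the interface's address dynamically.
pass out on $ext_if1 route-to ($ext_if2 $gw2) from ($ext_if2) to any keep state

# Symmetric case: a packet sourced from $ext_if1's address that the
# routing table would send out via $ext_if2.
pass out on $ext_if2 route-to ($ext_if1 $gw1) from ($ext_if1) to any keep state

# Replies to connections that arrived on $ext_if2 go back through $gw2,
# regardless of what the routing table says about the peer.
pass in on $ext_if2 reply-to ($ext_if2 $gw2) from any to ($ext_if2) keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading with `pfctl -f /etc/pf.conf` and enabling with `pfctl -e` (pf_enable="YES" in rc.conf makes it persistent); `pfctl -ss` shows the states created by the route-to rules. Note that this is policy routing done in the firewall, exactly the layering BMS argues the socket layer should not be doing itself: the route lookup in ip_output() still happens and still chooses $ext_if1, and pf then corrects the next hop on the way out.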