Date: Tue, 03 Jan 2006 10:28:28 -0800
From: Julian Elischer <julian@elischer.org>
To: Łukasz Bromirski <lukasz@bromirski.net>
Cc: freebsd-net@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: Reverse Path Filtering check in ip_input.c
Message-ID: <43BAC24C.9050702@elischer.org>
In-Reply-To: <43BA82F7.7070408@bromirski.net>
References: <43B9C7CC.7090703@mr0vka.eu.org> <20060103115120.GG840@bashibuzuk.net> <43BA82F7.7070408@bromirski.net>

Łukasz Bromirski wrote:

>Yann Berthier wrote:
>
>>   If this yet to be found wiser guy would not forget the loose check
>>   too (verrevpath in ipfw speaking), where packets matching the default
>>   route are ok ... :)
>
>Actually it does that and will until we'll have option to have two
>or more default routes.
>
>Presently, if packets comes via interface and reply for it should be
>sent on the same interface (because default route points to it and
>there are no other routes pointing for the same destination to
>another interface) it will work.
>
>Check fails if there's either interface mismatch, or source is present
>in routing table but marked as RTF_REJECT/BLACKHOLE one.
>
>OpenBSD imported KAME mroute extension that enables them to have
>more than one route for given destination simultaneously in routing
>table. I'm looking into it now, as it's very attractive thing,
>however as Andre is doing rework of network code I'm sure we'll have
>it sooner or later and then maybe someone will revise old checks
>already marked as 'XXX' in the code ;)

Several routes with the same dest would be interesting but how do you
select between them?

What I'm looking for is a way to make a machine use two totally separate
routes depending on the socket address locally.. I'm currently achieving this
with ipfw fwd rules, but that has side effects that are troublesome..

The vimage patches would do this for me but they are only for 4.x and I see
no way to do what they do in a truly extensible manner that would work for
5.x and beyond.
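
The check described in the quoted text above (pass when the route back to the source uses the receiving interface, fail on an interface mismatch or an RTF_REJECT/RTF_BLACKHOLE route), as an added example that is not part of the original message and is not the code in ip_input.c. A toy longest-prefix table stands in for the kernel routing table; `struct route`, `rpf_check`, the sample table and the fail-when-no-route behaviour are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Names follow the message; defined locally so this builds without net/route.h. */
#define RTF_REJECT    0x8
#define RTF_BLACKHOLE 0x1000
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

struct route { uint32_t prefix; int plen; int ifindex; int flags; }; /* hypothetical */
enum rpf_result { RPF_PASS, RPF_NO_ROUTE, RPF_IF_MISMATCH, RPF_REJECT_ROUTE };

/* Constructed sample table: if 1 = upstream (default route), if 2 = internal LAN. */
static const struct route sample_table[] = {
    { IP(0, 0, 0, 0),   0,  1, 0 },
    { IP(10, 0, 0, 0),  8,  2, 0 },
    { IP(192, 0, 2, 0), 24, 1, RTF_BLACKHOLE },
};
static const size_t sample_len = sizeof(sample_table) / sizeof(sample_table[0]);

static uint32_t plen_mask(int plen) { return plen ? 0xffffffffu << (32 - plen) : 0; }

/* Longest-prefix match, standing in for the kernel route lookup. */
static const struct route *lookup(const struct route *rt, size_t n, uint32_t addr)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < n; i++)
        if ((addr & plen_mask(rt[i].plen)) == rt[i].prefix &&
            (best == NULL || rt[i].plen > best->plen))
            best = &rt[i];
    return best;
}

/* Reverse-path check for a packet with source src received on interface rcvif. */
enum rpf_result rpf_check(const struct route *rt, size_t n, uint32_t src, int rcvif)
{
    const struct route *r = lookup(rt, n, src);
    if (r == NULL) return RPF_NO_ROUTE;               /* assumption: no route back fails */
    if (r->flags & (RTF_REJECT | RTF_BLACKHOLE)) return RPF_REJECT_ROUTE;
    if (r->ifindex != rcvif) return RPF_IF_MISMATCH;  /* reply would leave elsewhere */
    return RPF_PASS;  /* includes sources covered only by the default route */
}

int main(void)
{
    printf("10.1.2.3 on if1 -> %d\n", rpf_check(sample_table, sample_len, IP(10, 1, 2, 3), 1));
    printf("10.1.2.3 on if2 -> %d\n", rpf_check(sample_table, sample_len, IP(10, 1, 2, 3), 2));
    return 0;
}
```

With a single default route, every source not covered by a more specific route passes only on the default route's interface, which is the limitation the quoted text attributes to having one default route.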