| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Oct 2009 19:48:39 +0300 From: Atis Elsts <atis@...rotik.com> To: Guido Trotter <ultrotter@...qua.net> Cc: netdev@...r.kernel.org Subject: Re: Policy routing + route "via" gives a strange behavior On Tuesday 20 October 2009 16:28:20 you wrote: > This is also refused unless a route like the one before appears in the > default table, even though it does appear in table 100. Is this the right > behavior, and if yes, why? I guess what you describe is too infrequent use case for anyone to really care. Connected and link scoped routes are usually not added to policy routing tables :) Can you explain more for what kind of setup this is needed? This "issue" could be solved by using routing table in the FIB lookup done in fib_check_nh(). However, doing that would break a lot more setups than it would "fix". For example, if you had these rules from all to 1.2.3.4 fwmark 0x64 lookup 100 from all fwmark 0x64 unreachable then adding policy route to table 100 would fail unless nexthop 1.2.3.4 was used... Anyway, you can achieve what you wish by using the "onlink" option, e.g.: ip route add table 100 default dev eth1 via 192.168.5.254 onlink Atis -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists