| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7imwsd6pys.wl%jch@pps.univ-paris-diderot.fr>
Date: Thu, 02 May 2013 23:18:03 +0200
From: Juliusz Chroboczek <jch@....jussieu.fr>
To: David Miller <davem@...emloft.net>
Cc: netdev@...r.kernel.org
Subject: Re: RTA_SRC doesn't work?
> But you can only do source based routing using FIB rules, the
> normal routing tables (which are hung off of the rules) do not
> have source keys in them. They are keyed only by destination
> address.
>
> Only the FIB rules support source address keying.
>
> So you will need to use multiple routing table to route by source
> address.
Ok, that explains the IPv4 behaviour. But what about v6? The
following bit of ipv6/Kconfig would seem to imply that I can avoid
generating rules dynamically as new source prefixes appear:
config IPV6_SUBTREES
bool "IPv6: source address based routing"
depends on IPV6_MULTIPLE_TABLES
---help---
Enable routing by source address or prefix.
The destination address is still the primary routing key, so mixing
normal and source prefix specific routes in the same routing table
may sometimes lead to unintended routing behavior. This can be
avoided by defining different routing tables for the normal and
source prefix specific routes.
Thanks again,
-- Juliusz
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists