On Mon, Aug 18, 2003 at 04:44:19AM -0700, David S. Miller wrote: > On Mon, 18 Aug 2003 13:39:57 +0200 > Stephan von Krawczynski <skraw@ithnet.com> wrote: > > > Can you please give us a striking example of a widespread application where > > current behaviour is a requirement or at least a very positive thing? > > [ I've been waiting what seems like centuries for someone > to even consider talking about source address selection, > alas I have to bring it up myself :( ] You're not fair, David, that was *exactly* my concern when I jumped into the thread : the SELECTED SOURCE address for ARP requests is wrong by default as soon as you manually set the IP source address. (but perhaps you didn't have time to read my long mail). > Do you know how source address selection works when the user tries to > connect to a remote location yet doesn't specify a specific source > address to use? In my case, although I don't know the internals, I think I have a clear enough idea of it (but I may be wrong) : the IP source address used when connecting to a remote host should be either the one manually specified on the most appropriate route, or one local address which can reach the remote host or a gateway indicated by the most appropriate route. The ARP source is the IP source address if this address is a local one, or one of those assigned to the NIC from which either the host or the gateway should be reached. > 1) consider how you might want to make that configurable > by the user ip route ... src ... is really fine to me for the IP part, and I would have expected it to act on ARP too ;-) > 2) what the default behavior should be I think we should apply the exact same source selection as IP to ARP. That is, if we need to reach host X or gateway X on the LAN, we should do a route lookup and use a valid source (or the manually set one) associated to the most appropriate route. That is what Julian Anastasov's patch does, and it does it fairly well IMHO. > 3) what kind of ARP behavior is necessary in order for > these various configurations to work The one detailed above by default, then use arptables (or ip arp) for all tricky configurations. BTW, I've tried arptables-0.0.1. Except that I had to patch it to make it usable on 2.4.22-rc2 (because the FORWARD chain doesn't exist on 2.4), it allows me to do the same as what 'ip arp' did for me on a patched kernel (although I prefer the iproute interface, just a matter of taste). Using my previous example, I now do the following which works : ip address add 10.0.0.1/24 dev eth0 ip address add 11.0.0.1/24 dev eth0 ip route add default via 11.0.0.2 src 10.0.0.1 arptables -A OUTPUT -d 11.0.0.0/24 -o eth0 -j mangle --mangle-ip-s 11.0.0.1 I'll send a fix to the arptable's maintainer so that it works again on 2.4. Cheers, Willy - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html