On Friday 2008-07-04 00:02, Jozsef Kadlecsik wrote:

>> User-defined chains return to the main chain once control runs off
>> their end. Since the main chain has a default policy, I do not see
>> a problem.
>
> That means we'd not support multiple routing tables with default
> routes. We'd lose an important functionality, which is
> unacceptable.

Routing tables become xtables chains. We would not lose anything. In
fact, you would gain the possibility to jump to further chains,
something not possible in routing today.

rt input:

    ip rule fwmark 5 table 5
    ip rule fwmark 6 table 6
    ip route add 10.10.96.2/32 dev eth2 table 5
    ip route add default via 10.10.96.1 dev eth0 table 5   # default route
    ip route add default via 10.11.96.1 dev eth1 table 6   # default route

in xtables (ROUTE is a terminating target):

    -N table5
    -N table6
    -A table5 -d 10.10.96.2 -j ROUTE --dev eth2
    -A table5 -j ROUTE --via 10.10.96.1 --dev eth0   # default route!
    -A table6 -j ROUTE --via 10.11.96.1 --dev eth1   # also a default
    -A ROUTING -m mark --mark 5 -j table5
    -A ROUTING -m mark --mark 6 -j table6

>> Because traditional routing tables can have no default route,
>> xtables should not be forced to have one either.
>
> Routing tables can have a default route. Most of the time this is the
> main point when using multiple routing tables: source routing via
> another default route.

It is very easy to not have a default gateway.

    ip route flush
    ip route add 10.10.96.0/20 dev eth0

Try pinging 134.76.12.5 with that. It will fail with Network Unreachable.
The xtables representation henceforth:

    -A ROUTING -d 10.10.96.0/20 -j ROUTE --dev eth0
    -A ROUTING -j ROUTE --unreachable

or alternatively something like -P ROUTING UNREACHABLE.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
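The mail argues that a routing table with a default route maps onto a
user-defined chain whose last rule is an unconditional, terminating ROUTE,
and that a table without one maps onto a chain that runs off its end and
falls back to the ROUTING chain's policy. The following is an added example
that is not part of the thread and does not use iptables or the proposed
ROUTE target at all: it models both sides (ip rule / ip route lookup with
longest-prefix match and fall-through to the next rule, versus chains with
jump/return semantics and a terminating ROUTE verdict) in plain Python, using
the addresses, interfaces and marks from the mail plus an assumed "main"
table that carries only 10.10.96.0/20, and checks that the two give the same
verdict for a handful of constructed packets, including the mark-5 packet
once table5's default route is removed on both sides.

```python
"""Toy model of the two routing representations discussed in the mail.

Added example, not code from the thread. The ip-rule/ip-route side and the
chain side are both simulated here so that the claimed equivalence can be
checked offline: a user-defined chain ending in an unconditional ROUTE acts
like a table with a default route, and a chain that runs off its end returns
to ROUTING and ends up at its policy. The "main" table and the test packets
are constructed for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

UNREACHABLE = "Network Unreachable"


@dataclass(frozen=True)
class Hop:
    dev: str
    via: Optional[str] = None


# ---- ip rule / ip route model ---------------------------------------------
# rules: list of (fwmark or None, table) in order; None matches every packet.
# tables: table -> list of (prefix, Hop); "0.0.0.0/0" is the default route.
def rt_lookup(rules, tables, dst, mark=None):
    dst = ipaddress.ip_address(dst)
    for rule_mark, table in rules:
        if rule_mark is not None and rule_mark != mark:
            continue
        best = None  # longest-prefix match within this table
        for prefix, hop in tables.get(table, []):
            net = ipaddress.ip_network(prefix)
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        if best is not None:
            return best[1]
        # no route in this table: the kernel goes on to the next ip rule
    return UNREACHABLE


# ---- xtables chain model ---------------------------------------------------
# A rule is (match, action). match may carry "mark" and/or "dst".
#   ("ROUTE", Hop)     terminating verdict, like the proposed ROUTE target
#   ("UNREACHABLE",)   terminating verdict, like ROUTE --unreachable
#   ("JUMP", chain)    run a user-defined chain; running off its end returns
#                      control to the caller, which continues with its next rule
def _matches(match, dst, mark):
    if "mark" in match and match["mark"] != mark:
        return False
    if "dst" in match and dst not in ipaddress.ip_network(match["dst"]):
        return False
    return True


def _walk(chains, name, dst, mark):
    for match, action in chains[name]:
        if not _matches(match, dst, mark):
            continue
        if action[0] == "ROUTE":
            return action[1]
        if action[0] == "UNREACHABLE":
            return UNREACHABLE
        if action[0] == "JUMP":
            verdict = _walk(chains, action[1], dst, mark)
            if verdict is not None:
                return verdict
    return None  # ran off the end of the chain


def xt_lookup(chains, policy, dst, mark=None):
    verdict = _walk(chains, "ROUTING", ipaddress.ip_address(dst), mark)
    return policy if verdict is None else verdict  # -P ROUTING <policy>


# ---- the configuration from the mail, plus an assumed main table -----------
RT_RULES = [(5, "table5"), (6, "table6"), (None, "main")]
RT_TABLES = {
    "table5": [("10.10.96.2/32", Hop("eth2")),
               ("0.0.0.0/0", Hop("eth0", via="10.10.96.1"))],
    "table6": [("0.0.0.0/0", Hop("eth1", via="10.11.96.1"))],
    "main": [("10.10.96.0/20", Hop("eth0"))],  # deliberately no default route
}
XT_CHAINS = {
    "table5": [({"dst": "10.10.96.2/32"}, ("ROUTE", Hop("eth2"))),
               ({}, ("ROUTE", Hop("eth0", via="10.10.96.1")))],  # default
    "table6": [({}, ("ROUTE", Hop("eth1", via="10.11.96.1")))],  # default
    "ROUTING": [({"mark": 5}, ("JUMP", "table5")),
                ({"mark": 6}, ("JUMP", "table6")),
                ({"dst": "10.10.96.0/20"}, ("ROUTE", Hop("eth0")))],
}
XT_POLICY = UNREACHABLE  # -P ROUTING UNREACHABLE

# constructed test packets: (destination, fwmark)
PACKETS = [("10.10.96.2", 5), ("134.76.12.5", 5), ("134.76.12.5", 6),
           ("10.10.97.1", None), ("134.76.12.5", None)]


def route_both(dst, mark=None, rt_tables=RT_TABLES, xt_chains=XT_CHAINS):
    """Return (routing-table verdict, chain verdict) for one packet."""
    return (rt_lookup(RT_RULES, rt_tables, dst, mark),
            xt_lookup(xt_chains, XT_POLICY, dst, mark))


def without_default():
    """Drop table5's default route on both sides; mark-5 traffic to a foreign
    destination then falls through to main / runs off the chain end."""
    rt = {**RT_TABLES, "table5": RT_TABLES["table5"][:1]}
    xt = {**XT_CHAINS, "table5": XT_CHAINS["table5"][:1]}
    return route_both("134.76.12.5", 5, rt, xt)


if __name__ == "__main__":
    for dst, mark in PACKETS:
        print(dst, mark, *route_both(dst, mark))
    print("table5 without default:", *without_default())
```

The model is only as faithful as its two evaluators: real iproute2 rule
processing continues past a table that has no matching route, which is what
makes the chain-side "run off the end and return to the caller" behaviour
line up with it, and the ROUTING policy plays the part of the missing default
route in both cases.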