On Thu, Jul 3, 2008 at 4:02 PM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
> Routing tables become xtables chains. We would not lose anything.
> In fact, you would gain the possibility to jump to further chains,
> something not possible in routing today.
>
> rt input:
>
> ip rule fwmark 5 table 5
> ip rule fwmark 6 table 6
> ip route add 10.10.96.2/32 dev eth2 table 5
> ip route add via 10.10.96.1 dev eth0 table 5 # default route
> ip route add via 10.11.96.1 dev eth1 table 6 # default route
>
> in xtables (ROUTE is a terminating target):
>
> -N table5
> -N table6
> -A table5 -d 10.10.96.2 -j ROUTE --dev eth2
> -A table5 -j ROUTE --via 10.10.96.1 --dev eth0 # default route!
> -A table6 -j ROUTE --via 10.11.96.1 --dev eth1 # also a default
> -A ROUTING -m mark --mark 5 -j table5
> -A ROUTING -m mark --mark 6 -j table6

Wouldn't this break with normal routing concepts, since xtables traverses the chain linearly, while routing lookups use longest prefix match (most specific route wins)?

IOW, unless xtables automatically inserted the rule into the correct spot in the chain (as opposed to just appending to the end of the chain like -A implies), you could run into situations where specifying the rules out of order would send the packet to the wrong next-hop.

Regards,
James
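To make the ordering concern concrete, the following is an added Python simulation that is not part of the thread and not netfilter or iproute2 code. It models the two lookup semantics side by side: kernel-style longest-prefix match over a routing table, and xtables-style linear first-match traversal over a chain whose ROUTE target terminates. The sample table (a /32 host route plus a default, mirroring the shapes in Jan's example) is constructed for illustration; `order_for_linear` shows the one reordering (descending prefix length) under which linear traversal reproduces LPM, and `audit_chain` is a hypothetical check that reports destinations where the two semantics would diverge for a chain as appended with `-A`.

```python
import ipaddress

# Constructed sample: table 5 appended in "wrong" order, i.e. the default
# route was added (-A) before the more specific host route.
# Entries are (prefix, next_hop_or_None, device).
TABLE5_MISORDERED = [
    ("0.0.0.0/0", "10.10.96.1", "eth0"),   # default route
    ("10.10.96.2/32", None, "eth2"),       # directly attached host route
]


def lpm_lookup(routes, dst):
    """Kernel-style lookup: the most specific matching prefix wins,
    regardless of the order in which routes were added."""
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, via, dev in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, dev)
    return None if best is None else (best[1], best[2])


def linear_lookup(chain, dst):
    """xtables-style traversal: rules are evaluated top to bottom and the
    first match terminates (ROUTE is a terminating target)."""
    d = ipaddress.ip_address(dst)
    for prefix, via, dev in chain:
        if d in ipaddress.ip_network(prefix):
            return (via, dev)
    return None


def order_for_linear(routes):
    """Reorder rules by descending prefix length so that first-match
    traversal yields the same result as LPM. Two distinct prefixes of equal
    length never overlap, so their relative order does not matter; the
    stable sort keeps it as given."""
    return sorted(
        routes,
        key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
        reverse=True,
    )


def audit_chain(chain, sample_dsts):
    """Hypothetical consistency check: return the destinations for which a
    linear walk of `chain` would pick a different next hop / device than a
    longest-prefix lookup over the same entries."""
    return [
        dst for dst in sample_dsts
        if linear_lookup(chain, dst) != lpm_lookup(chain, dst)
    ]


if __name__ == "__main__":
    for dst in ("10.10.96.2", "10.10.96.3"):
        print(dst, "LPM:", lpm_lookup(TABLE5_MISORDERED, dst),
              "linear:", linear_lookup(TABLE5_MISORDERED, dst))
    print("diverging:", audit_chain(TABLE5_MISORDERED, ["10.10.96.2", "10.10.96.3"]))
    fixed = order_for_linear(TABLE5_MISORDERED)
    print("after reordering:", audit_chain(fixed, ["10.10.96.2", "10.10.96.3"]))
```

For 10.10.96.2 the LPM lookup selects the /32 on eth2 while the linear walk stops at the default route and sends the packet to 10.10.96.1 on eth0, which is exactly the wrong-next-hop case James describes; after sorting by prefix length the two agree. The audit function is the kind of check a chain-based routing implementation would need to run (or, as James suggests, the insertion logic it would need to perform automatically) to avoid depending on the order in which an administrator typed the rules.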