Maybe ASCII art helps better to explain the different views:
- Mr Dash Four

                   -----------
pkt comes in ----- | machine | ----- pkt goes out
               ^   -----------   ^
          destination         source

- my view follows how the subsystem sees the interfaces

                           -------------------
pkt comes in --- interface | ipset subsystem | interface --- pkt goes out
                     ^     -------------------     ^
                  source                      destination

How do you explain that the same "ipset subsystem" treats the IP address
of the "source" interface (according to your diagram above) as
"destination" when I match the same (incoming) packet above?
The source and destination IP addresses come of course from the packets.
They have nothing to do with the interfaces - one can route any (sort of)
packet with any source/destination IP addresses to whatever interface.
Do you skip routers and think of end hosts only, where the
destination/source IP address is that of the receiving/sending interface?
I see you are avoiding my questions as per usual, so I'll ask them
again, for the last time:-
1) Why is it that the same "ipset subsystem" in your diagram above
doesn't seem to apply the same criteria and treats the IP address of the
"source" interface as a "destination" (not "source"), in order to get a
match for the same type of (incoming) packet; and
2) How do you explain that the same designation ("destination") applies
for everything else in that "ipset system" (not to mention
iptables/netfilter) with the notable exception of hash:net,iface set for
the same type of match (incoming packet)?