On Mon, 28 Oct 2002, Antony Stone wrote: > On Monday 28 October 2002 9:18 pm, Oskar Andreasson wrote: > > > Hi Antony, > > > > On Mon, 28 Oct 2002, Antony Stone wrote: > > > > > > Why do you have a routing decision between OUTPUT and NAT ? What > > > "decision" is there to be made ? > > > > When you bring it to light... I don't know... > > > > Because of your mail, I started checking it out... and I can't actually > > find any "routing" decisions being made after NF_IP_LOCAL_OUT or before > > the IP_NF_POST_ROUTING, nor do any documents I found (so far) point any > > such point out, more than mine... > > The only thing I can think of is "which interface should this packet go out > of", however that's certainly not the same sort of "decision" as there is > between PREROUTING and INPUT or FORWARD, and I'm not even sure it belongs > quite where it is shown... It does exist between OUTPUT and NAT. But the decision structure is more along the lines of rule application. Thus you can issue rules such as: ip rule add from 10.1.1.1 dev lo table mytable prio 13000 and any packet coming from the local machine (ie exiting OUTPUT) would then be acted upon by this rule. see? > The main reason I commented on it is that I would expect something labelled a > "decision" to have more than one possible outcome (eg the first routing > decision leads on to either INPUT or FORWARD depending on the destination > address), whereas even for the question of which interface to use, this is > not relevant to netfilter - there are no choices involved. > > Anyway, just my 2c, as the saying goes... > > Antony. > > -- > > Most people are aware that the Universe is big. > > - Paul Davies, Professor of Theoretical Physics > -------------------------------------------------- Matthew G. Marsh, President Paktronix Systems LLC 1506 North 59th Street Omaha NE 68104 Phone: (402) 932-7250 x101 Email: mgm@paktronix.com WWW: http://www.paktronix.com --------------------------------------------------
