On 11/14/07 11:29, Brian S Julin wrote:
>> A couple other ways this could happen would be to get iproute to run
>> the routing decision twice after pulling the traffic out of the stack
>> and reinjecting it. Another would be if there were floating around
>> some iptables/ebtables match module that could pre-match against a
>> kernel routing table (by source or destination) PREROUTING. Then a
>> mark could be put on and iproute2 would just follow that.
>
>I'm wondering if IPSet would be able to help you out here. If you had a
>set that contained the IPs for one route and another set that contained
>the IPs for the other route, you could match and mark based on sets and
>thus use marks to decide how to handle the traffic. To pull this off
>you would just need something to update the ip sets in decent time.
>Granted your sets will probably contain net blocks, not IPs.

Yeah it's that "something to update" that I'm trying to decide on. I
could write a script easy, but a preferable solution would not be glued
together that way.

Maybe I should look into making the kernel auto-create some read-only
user-visible ipsets when it creates rp_tables.

I take it the iproute2 and netfilter stuff is not quite yet sharing code
at this point (I haven't looked)?
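
The "something to update" glue discussed in this message, as an added example that is not code from the thread or from the ipset/iproute2 projects: it turns `ip route show table <name>` output into `ipset restore` input that refills each set through an atomic swap, then prints the match-and-mark rules. The table names `uplink_a`/`uplink_b`, the sample routes, the mark values and the use of current `hash:net` syntax are assumptions.

```python
import ipaddress

# Constructed sample of `ip route show table <name>` output (not from the thread).
SAMPLE_ROUTES = {
    "uplink_a": "10.1.0.0/16 via 192.0.2.1 dev eth1\n"
                "10.2.3.0/24 dev eth1 scope link\n"
                "198.51.100.7 via 192.0.2.1 dev eth1\n",
    "uplink_b": "default via 203.0.113.1 dev eth2\n"
                "172.16.0.0/12 via 203.0.113.1 dev eth2\n"
                "unreachable 10.9.0.0/16\n",
}
# Route types that do not forward traffic; "default" is skipped because
# hash:net sets cannot store a zero-length prefix.
SKIP = {"default", "unreachable", "blackhole", "prohibit", "throw",
        "local", "broadcast"}

def parse_prefixes(route_text):
    """Return the sorted net blocks that one routing table forwards."""
    nets = set()
    for line in route_text.splitlines():
        fields = line.split()
        if not fields or fields[0] in SKIP:
            continue
        try:
            nets.add(ipaddress.ip_network(fields[0], strict=False))
        except ValueError:
            continue  # continuation lines such as multipath "nexthop ..."
    return sorted(nets)

def restore_script(set_name, nets):
    """Build input for `ipset -exist restore`: fill a scratch set, then swap
    it in so packets never see a half-populated set."""
    tmp = set_name + "_new"
    lines = [f"create {set_name} hash:net family inet",
             f"create {tmp} hash:net family inet",
             f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in nets]
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

def mark_rules(set_name, mark, direction="dst"):
    """Mark in PREROUTING by set membership; the fwmark rule assumes set_name
    is also a routing table name listed in /etc/iproute2/rt_tables."""
    return [f"iptables -t mangle -A PREROUTING -m set --match-set {set_name} "
            f"{direction} -j MARK --set-mark {mark}",
            f"ip rule add fwmark {mark} table {set_name}"]

if __name__ == "__main__":
    for mark, (name, text) in enumerate(SAMPLE_ROUTES.items(), start=1):
        print(restore_script(name, parse_prefixes(text)), end="")
        print("\n".join(mark_rules(name, mark)))
```

Run it from cron or a netlink route-change hook and pipe each generated script to `ipset -exist restore`; the one-time iptables and `ip rule` lines are installed separately.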