On Saturday 2012-02-11 10:15, vivek rajagopalan wrote:

>I am trying to set the source ip of an RX packet to a local IP in a
>pre_route filter (from within a kernel module) but the kernel drops
>such a packet during routing phase. By local IP I mean one of the IP
>addresses defined on the system running my kernel module. At what
>point is the kernel dropping the packet?

rp_filter comes to mind.

>Is it that the kernel doesn't like a packet received from the network
>with a local source IP?

It would indicate a spoofing attempt.

>The bigger picture is the following. I have a linux box with 4
>interfaces each having multiple local IPs. This box needs to route
>packets to multiple remote subnets. In order to successfully route
>packets i had to create multiple routing table entries towards every
>new remote subnet encountered. However the remote subnets far exceed
>the local IPs and hence I was exploring the usage of policy based
>source routing so as to minimize the creation of routing entries.

Changing the addresses in-flight breaks end-to-end connectivity.
It will be better if you would, for example, mark the packets in the
RX path, based upon your desired criteria, and reuse this mark value
to select the routing table.
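
The marking approach suggested in the reply, as an added example that is not part of the original thread. Interface names, mark values, table numbers and gateway addresses are constructed, and matching on the ingress interface is an assumed criterion; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the thread): fwmark-based policy routing.
# All interface names, marks, table ids and gateways are constructed.
# Dry run by default: commands are printed. APPLY=1 (as root) executes them.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# policy_route INGRESS_IF MARK TABLE GATEWAY EGRESS_IF
policy_route() {
    in_if=$1 mark=$2 table=$3 gw=$4 out_if=$5
    for n in "$mark" "$table"; do
        case $n in ''|*[!0-9]*)
            echo "mark and table must be decimal numbers" >&2; return 1 ;;
        esac
    done
    case $in_if in ''|*[!A-Za-z0-9._-]*)
        echo "bad interface name" >&2; return 1 ;;
    esac
    # 1. Mark in the RX path: mangle/PREROUTING runs before the routing
    #    decision. The match (-i here) is where your own criteria go.
    run iptables -t mangle -A PREROUTING -i "$in_if" -j MARK --set-mark "$mark" || return 1
    # 2. Reuse the mark to select a routing table.
    run ip rule add fwmark "$mark" lookup "$table" || return 1
    # 3. One default route per table instead of one entry per remote subnet.
    run ip route add default via "$gw" dev "$out_if" table "$table" || return 1
    # 4. Read the reverse-path filter setting on the ingress interface;
    #    the thread names rp_filter as the likely place packets are dropped.
    run sysctl "net.ipv4.conf.$in_if.rp_filter"
}

# Constructed topology: four ingress interfaces, each with its own table.
while read -r in_if mark table gw out_if; do
    policy_route "$in_if" "$mark" "$table" "$gw" "$out_if"
done <<'EOF'
eth0 1 101 198.51.100.1 eth1
eth1 2 102 203.0.113.1 eth2
eth2 3 103 192.0.2.1 eth3
eth3 4 104 192.0.2.129 eth0
EOF
```

The packet addresses are left untouched, so end-to-end connectivity is preserved.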