Re: [ANNOUNCE] ipset 6.13 released

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 2 Jul 2012, Mr Dash Four wrote:
 
> > > > Maybe ASCII art helps better to explain the different views:
> > > > 
> > > > - Mr Dash Four
> > > > 
> > > >                      -----------
> > > >   pkt comes in ----- | machine | ----- pkt goes out
> > > >                    ^ ----------- ^
> > > >                  destination   source
> > > > 
> > > > - my view follows how the subsytem sees the interfaces
> > > > 
> > > >                              ------------------
> > > >   pkt comes in --- interface | ipset subsytem | interface --- pkt goes
> > > > out
> > > >                            ^ ------------------ ^
> > > >                        source               destination
> > > > 
> > > >         
> > > How do you explain that the same "ipset subsystem" treats the IP address
> > > of the "source" interface (according to your diagram above) as
> > > "destination" when I match the same (incoming) packet above?
> > >     
> > 
> > The source and destination IP addresses come of course from the packets.
> > They have nothing to do with the interfaces - one can route any (sort of)
> > packet with any source/destination IP addresses to whatever interface.
> > 
> > Do you skip routers and think of end hosts only, where the
> > destination/source IP address is that of the receiving/sending interface?
> >   
> I see you are avoiding my questions as per usual, so I'll ask them again, for
> the last time:-
> 
> 1) Why is it that the same "ipset subsystem" in your diagram above doesn't
> seem to apply the same criteria and treats the IP address of the "source"
> interface as a "destination" (not "source"), in order to get a match for the
> same type of (incoming) packet; and

Nobody talks about the IP address of the interface - just you.
 
> 2) How do you explain that the same designation ("destination") applies for
> everything else in that "ipset system" (not to mention iptables/netfilter)
> with the notable exception of hash:net,iface set for the same type of match
> (incoming packet)?

I have wasted my time, so I stop here and the thread is ended for me.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux