On 10/25/2015 07:11 PM, Pascal Hambourg wrote:
macach a écrit :
Why it is not possible to mark packet BEFORE "route selection" in OUTPUT chain.
Because when the initial route selection happens, the packet does not
exist yet. It is in the process of being created. The reason why route
selection takes place during the packet creation is that its result
influences packet features such as the source address, TOS...
Thank you for your answer.
I understand that it necessary to put "something" into the packet header.
But why it should be one of many interfaces ip, which may be changed later.
In this case, without default route, packet will never left "route selection", this is completely irrational = just to put something and
change it later.
If packet transformation doesn't finish at this point, why to apply routing and interface source ip?
Why do not use local host ip = 127.0.0.1, inside of output packet belongs to the local host anyway.
Then apply mangle (if any) and other modification (if any), then finally select appropriate route.
And routing decision should the last action, because I think router it just packet dispatcher.
Also I forgot to ask: why second "route selection" doesn't change source ip.
For example in multi-routing table when decision is made by port or destination.
It is necessary to add another operation to modify source ip according to interface: -t nat POSTROUTING ... -j SNAT ...
Thank you in advance.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
