> This change causes ip_route_input to select different path from
> the multipath route when masqueraded.
Pheew... "multipath" route + when "masqueraded" + rules introducing
dependency on tos. Do not make this and live in peace. :-)
> - we need a place (ROUTING chain?) where each masqueraded connection
> can feed ip_route_input
ip_route_input is called on a packet. It needs no more arguments.
Shortly, you can understand from this my statemnet above that
I have lost sync and confused a lot. :-) :-) Seems, I need to return
to that your mail where "lsrc" was explained.
> - without lsrc arg the multipath usage can easily fail on route
> cache flush
sounds like a nonsense. Multipath surely cannot fail just because
all the attributes of balanced routes are equivalent.
Or were you able to imagine situation when one of paths is masqueraded
and another is not or masqueraded differently? Just stop such fantasms.
NAT is _not_ permitted in environments with not trivial routing and
based on notion of strict barrier. It is an axiom.