On Mon, Aug 30, 2004 at 10:39:20PM -0700, David S. Miller wrote:
>
> > If you're wondering why the second lookup is returning a different
> > interface at all, it's because the routing lookup in MASQUERADE is
> > done as if the packet was generated by localhost. This is obviously
> > going to differ from the normal routing lookup if the packet was
> > forwarded.
>
> I understand this description.
>
> Would it be enough to set 'out' to rt->u.dst.dev after the call to
> ip_route_output_key() in ipt_MASQUERADE.c?

Unfortunately no. You see the result of ip_route_output_key() is
not used at all so you can set rt->u.dst.dev all you like and it
isn't going to make any difference :)

The only reason we're making that call in MASQUERADE is so that we
can get the source address from the resulting dst.

Now if the dst is pointing to the wrong device, then that source
address may be invalid.

In fact I wonder if Alexey was aware of the fact that this dst is
not going to be used for routing the packet. It's thrown away
immediately after we get the source address.

In this case I really don't see what's wrong with setting oif in
the key. In fact that's exactly what we want to do: Get the
preferred source address when the localhost is going to send
a packet to *that* device.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt