netdev.vger.kernel.org archive mirror
From: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
To: netdev@vger.kernel.org
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Subject: Re: [PATCH] fib_rules: add minimum prefix length
Date: Wed, 24 Jul 2013 09:57:59 +0200
Message-ID: <20130724075759.GS10216@zirkel.wertarbyte.de>
In-Reply-To: <20130724021420.GA10670@order.stressinduktion.org>

Hannes Frederic Sowa (hannes@stressinduktion.org) wrote:

> Yeah, it is sometimes pretty hideous to set up, especially if one uses
> ppp stuff and such. But I am unsure if this change does actually improve
> that considerably. Static setups should be easily doable right now and for
> ppp/vpn stuff, I fear, it would still lack a bit of flexibility.

Well, it does work for me. I am using a dynamic PPP uplink and an OpenVPN
tunnel where some marked traffic is guided through.

To achieve this, I always had to configure pppd with "nodefaultroute" just to
add the default route manually in a separate table, complicating the
configuration process.

With my patches added, I can just reference a "masked" version of the main
routing table at first, ignoring the default route placed there by pppd:

echo "vpn" >> /etc/iproute2/rt_tables
ip route add table vpn default dev tun0
ip rule add pref 100 lookup main prefixlength 0
ip rule add pref 200 fwmark 0xA lookup vpn

             |
             V
[ table main prefixlength >0 ]
             |
             V
       <fwmark 0xA?>   ->  [ table vpn ]
             |                   |
             |    ,--------------´
             V    V
        [ table main ]

That way, there is no need to reconfigure pppd, dhclient etc. If a specific
route of the main table matches, it will be used. If the main table just points
to the default route (prefixlength == 0), it will be ignored and the packet
travels to the next rule. In the end, the complete main table might still be
consulted, including the previously shunned default route.

Works great and requires little to no hacking around distribution-specific
network scripts.

> I would try to factor the prefixlen_min check out into a
> e.g. fib4_rule_constrain function for which a new field in fib_rules_ops
> needs to be created as callback. Also it would be nice to have IPv6
> support, too. ;)

Why not, sure. Working solutions today, better solutions tomorrow :-)
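
Added example (not part of the original message or of the proposed patch): a
small Python model of the rule walk described above, showing which rule answers
for marked and unmarked traffic. The table contents, the addresses and the
field name suppress_le are assumptions made for illustration; the rule at
pref 32766 is the stock Linux rule for the main table.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample tables: (prefix, outgoing device). Documentation address ranges.
TABLES = {
    "main": [("0.0.0.0/0", "ppp0"),       # default route installed by pppd
             ("192.0.2.0/24", "eth0")],   # a specific route
    "vpn":  [("0.0.0.0/0", "tun0")],
}

@dataclass
class Rule:
    pref: int
    table: str
    fwmark: Optional[int] = None          # None = rule matches any packet
    suppress_le: Optional[int] = None     # hypothetical name: ignore results with
                                          # a matched prefix length <= this value

RULES = [
    Rule(100, "main", suppress_le=0),     # "masked" main: specific routes only
    Rule(200, "vpn", fwmark=0xA),         # marked traffic goes to the tunnel
    Rule(32766, "main"),                  # full main table, default route included
]

def table_lookup(table, dst):
    """Longest-prefix match; returns (prefixlen, device) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p).prefixlen, dev)
            for p, dev in TABLES[table] if addr in ipaddress.ip_network(p)]
    return max(hits) if hits else None

def route(dst, fwmark=0):
    """Walk rules in pref order; return (pref, device) of the first accepted result."""
    for rule in sorted(RULES, key=lambda r: r.pref):
        if rule.fwmark is not None and rule.fwmark != fwmark:
            continue                      # selector does not match this packet
        hit = table_lookup(rule.table, dst)
        if hit is None:
            continue                      # no route in this table, try next rule
        plen, dev = hit
        if rule.suppress_le is not None and plen <= rule.suppress_le:
            continue                      # default route shunned, fall through
        return rule.pref, dev
    return None

if __name__ == "__main__":
    for dst, mark in [("192.0.2.7", 0xA), ("198.51.100.9", 0xA), ("198.51.100.9", 0)]:
        print(dst, hex(mark), route(dst, mark))
```

Dropping the pref 100 rule from RULES shows why the order matters: marked
packets for 192.0.2.0/24 would then be sent into the tunnel as well.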
