Subject: Re: illegal network routes and a ponderance
To: None <tech-net@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 02/18/2003 22:24:47
> [Linux]
> route add -host 4.3.2.1 dev eth0

I think I see.  This amounts to my (b), I think, done with a new type
of route, one which routes an arbitrary address (or possibly a whole
network) to an interface rather than to a gateway.  A little like an
interface route in a normal IP stack, but unrelated to any interface
address.  See below about breaking the IP routing model.

I'm curious, though - why not just "route add default dev eth0"?  Does
that not work?

>> I still can't figure out what it would even _mean_ to have a route
>> pointing to a gateway what's not on-net for any configured interface
>> address, or where you would expect such packets to be sent.
> You can't program the default route with an IP address that isn't in
> your netmask, even if it's still on the same ethernet segment as you
> are.

Of course not, because you're not on the same network (in the IP sense,
not in the layer-2 sense).

>> Hypothetical example: [...]
>> Now, we add a default route pointing to 192.168.14.88.  [...]
> Where is 192.168.14.88?

Exactly.

> How did that IP get in there?

It's a more or less arbitrary IP that is not on-net for any configured
interface address.  I _thought_ we were talking about routes with
gateways that are not on-net for any configured interface address....

> According to what you're describing above, 192.168.14.88 can't *be*
> the default route because NetBSD chokes on it.

Exactly.  You seem to want to make it not choke, and I was trying to
find out how you proposed to define it so the behaviour would be
well-defined.

> On Linux, we could do this to get around that minor problem:

> route add -host 192.168.14.88 dev eth0

Okay, that answers one question (the one of how it is supposed to tell
what interface to send the packets out): the admin must configure it.

How does it tell what MAC address to send to?  Just arp for
192.168.14.88 as if eth0 had an address it's on-net for?  Based on a
quick test I just did (using srt, which I discussed here briefly a
little while ago, to convince it to send packets out an Ethernet with
an off-subnet destination address), I don't think the arp code will
like that.  I suppose you could try to "fix" it....

>>> *Many* ethernet segments are shared by multiple networks.
>> Certainly.  And as far as I can see this fact is totally irrelevant
>> to the discussion at hand.
> Not at all.  It currently seems impossible (unless perhaps I'm
> missing something, which itself is certainly possible) to set the
> default route to be an IP on one of those other networks.

It's no problem at all - provided the machine you're on has an address
on that "other network" on the interface in question.  Just running
multiple (sub)nets on a single cable doesn't cause any problems.  It's
only when you expect a machine to speak directly to a network it
doesn't have any address on that things break.  IP just isn't designed
for that; the routing architecture involves one or more gateways
between any two distinct (sub)networks, gateways with addresses on the
relevant networks.  It appears you're trying to change that, without
actually redesigning IP routing to match.  I'm actually somewhat
astonished NetBSD comes as close to letting you get away with it as it
does.

I'm running 216.46.5.0/28 and 10.0.2.0/24 on the same "cable"
(actually, 10baseT hub) right now.  It works fine - because each
machine involved has two addresses on the relevant interface, one on
each network.

> Sure would be nice. This makes very little sense to me:

> :douglas:17:13:52 /doke# route add -net 192.168.0.0 -interface 10.0.2.5
> add net 192.168.0.0: gateway 10.0.2.5
> :douglas:17:14:01 /doke# ping 192.168.0.1
> PING 192.168.0.1 (192.168.0.1): 56 data bytes
> 64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=0.755 ms
> [...]
> :douglas:17:14:05 /doke# route delete default
> delete net default
> :douglas:17:14:08 /doke# route add default 192.168.0.1
> writing to routing socket: Network is unreachable
> add net default: gateway 192.168.0.1: Network is unreachable

> Why is it bitching about an unreachable network?

> I just pinged the IP a moment ago.

The message is misleading.  It actually means "network not directly
attached", and arguably another errno should have been added for that.
You can probably ping 204.152.184.116 (www.netbsd.org), too, but that
doesn't mean you should be able to "route add default 204.152.184.116".

> Now, routing directly to foreign networks seems possible:

> :douglas:17:13:52 /doke# route add -net 192.168.0.0 -interface 10.0.2.5
> :douglas:17:13:54 /doke# ping 192.168.0.1
> PING 192.168.0.1 (192.168.0.1): 56 data bytes
> 64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=0.897 ms

> But not default routes.

You haven't shown that.  You didn't try "route add default -interface
10.0.2.5", did you?  I don't see it above.

What you have shown doesn't work is adding an ordinary (= routed
through a gateway) default route whose gateway is a host that's behind
one of these funny "destination is an interface" routes.  I suspect
that you'll find that you can't "route add 172.16.0.0/16 192.168.0.1"
any more than you can "route add default 192.168.0.1" - that it's got
nothing to do with its being a default route, but rather with how
you're trying to set it up.

> My other gripe is that NetBSD sends out the wrong interface, traffic
> which must be fast-routed with an ipfilter rule.  A machine with:

> fxp0: 64.1.2.3
> fxp1: 10.0.0.5

> ... will answer out 64.1.2.3 when any non-specifically-routed traffic
> comes in on 10.0.0.5.

Only if that's where the route to the peer address points.

> With a source address of 10.0.0.5.  That's just not right.

The packet should go out the interface through which the route to the
peer address points.  (If you can state opinion as if it were fact, so
can I.)

If you want to route based on the ip_src of the packet, well, that's
what I wrote the srt pseudo-interface for; the normal routing tables
are not designed for that.  (I wanted something very similar: I wanted
traffic to go out the interface appropriate for traffic's _local_
address.  Realizing that the routing table isn't designed for that, I
wrote something that was.)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
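A small model of the rule the message keeps coming back to, that the gateway of an ordinary routed route must be on-net (in the IP sense) for some configured interface address, and that "Network is unreachable" really means "network not directly attached". This is an added illustration, not code from der Mouse, the NetBSD route(8) command, or the kernel. The transcript gives 10.0.2.5 on douglas but not its netmask, so the /24 is an assumption (it matches the 10.0.2.0/24 network mentioned later); the host addresses used for the two-networks-on-one-cable case are constructed, and the interface names are placeholders.

```python
"""
Model of the "gateway must be directly attached" check behind
  add net default: gateway 192.168.0.1: Network is unreachable

Added example, not NetBSD code.  Addresses marked "constructed" or
"assumed" below are not from the original message.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Interface:
    name: str
    # Addresses configured on this interface as CIDR strings, e.g.
    # "10.0.2.5/24".  One interface may carry several (sub)networks.
    addrs: list = field(default_factory=list)

    def networks(self):
        return [ipaddress.ip_interface(a).network for a in self.addrs]


class NetworkUnreachable(Exception):
    """Stands in for the ENETUNREACH that route(8) reports.  As the
    message points out, the real meaning is 'not directly attached'."""


def find_attached_interface(gateway, interfaces):
    """Return the interface holding an address that shares an IP network
    with `gateway`, or None.  Sharing a layer-2 segment does not count;
    only a configured address on-net for the gateway does."""
    gw = ipaddress.ip_address(gateway)
    for iface in interfaces:
        if any(gw in net for net in iface.networks()):
            return iface
    return None


def add_gateway_route(dest, gateway, interfaces):
    """Model of an ordinary (routed-through-a-gateway) route add.

    Returns (dest, gateway, interface_name) when the gateway is directly
    attached.  Raises NetworkUnreachable otherwise, regardless of whether
    the gateway happens to answer pings via some other route.
    """
    iface = find_attached_interface(gateway, interfaces)
    if iface is None:
        raise NetworkUnreachable(
            f"add net {dest}: gateway {gateway}: Network is unreachable")
    return (dest, gateway, iface.name)


def route_add_default(gateway, interfaces):
    return add_gateway_route("default", gateway, interfaces)


# douglas from the transcript: 10.0.2.5, netmask /24 assumed.
DOUGLAS = [Interface("fxp0", ["10.0.2.5/24"])]

# The "two (sub)nets on one cable" setup: 216.46.5.0/28 and 10.0.2.0/24
# on one interface.  Host addresses and the interface name are constructed.
TWO_NETS = [Interface("le0", ["216.46.5.1/28", "10.0.2.5/24"])]


if __name__ == "__main__":
    for hosts, gw in [(DOUGLAS, "10.0.2.1"), (DOUGLAS, "192.168.0.1"),
                      (TWO_NETS, "216.46.5.14"), (TWO_NETS, "10.0.2.1"),
                      (TWO_NETS, "192.168.0.1")]:
        try:
            print("ok:", route_add_default(gw, hosts))
        except NetworkUnreachable as e:
            print("fail:", e)
```

The second host shows why running several networks on one hub is not the problem: a gateway on either 216.46.5.0/28 or 10.0.2.0/24 is accepted because the machine has an address on each, while 192.168.0.1 is still refused for both hosts since neither has an address on that network.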