On Tue, Sep 05, 2006 at 10:26:33AM +0200, Pavel Cahyna wrote:
> On Sat, Sep 02, 2006 at 04:22:44PM -0500, David Young wrote:
> > For review, here are my latest patches adding a mechanism
> > for enforcing an IPv4 source-address selection policy,
> > <ftp://cuw.ojctech.com/cuw/netbsd-e3b075d7/pristine-selsrc-patch>.
> > Below, I document the impact of the patches a bit.  I will turn this
> > text into a manual page.
> > 
> > The patches let an operator set the policy by which the kernel chooses a
> > source address for any socket bound to the "wildcard" address, INADDR_ANY.
> > Note that the policy is applied *after* the kernel makes its forwarding
> > decision, thereby choosing the output interface; in other words, this
> > mechanism does not affect whether or not NetBSD is a "strong ES".
> 
> My impression is that it introduces a quite complicated interface to
> achieve only limited results.

Can you suggest any less complicated interface to achieve the same or
better result?

> Namely, you can't apparently request a
> source address from a different interface.

As Mihai said, you can still bind any address you like.  It would be easy
to extend the source-selection patch so that it considered addresses on
interfaces other than the output interface, however, I leave that up to
somebody else.

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933