Re: working example setup for source-based routing with ipfilter?

[is%netbsd.org@localhost]

On Wed, Jul 13, 2011 at 11:28:58AM -0400, Mouse wrote:
> > The idea is to route outgoing packets to the interface that would
> > receive their source addresses (else my upstreams would filter them).
> 
> That kind of routing is exactly what srt interfaces are for.  I just
> now looked, and the version in the 5.1 source tarballs appears to at
> least try to support INET6. 

Ah, I wasn't aware of that.

> NetBSD's version is missing a change that
> makes it cooperate with "keep state" style firewalling (eg, most NAT
> setups), but that is unlikely to matter for v6.  However, it may be
> effectively unmaintained; it doesn't seem to have real locking calls in
> it, and might not work right on little-endian machines - comparing it
> against my version I see an ntohl which I think I added when I started
> using it on i386 (for most of its existence I was using it on sparc).

Oh. Where is that ntohl ? Would you create a patch, please?

> Still, might be worth trying.


> Of course, if you have some reason for wanting to do this with ipfilter
> in particular, then ignore me. :-)

hm... I'm needing it for production use...

        -is