tech-net archive


Re: npf and source routing



>> Sounds like what srt is designed for.  (If srt has survived to the
>> version you're using, that is.)
> srt is still here.  But the documentation isn't very explicit on
> setup; how do you force outgoing packets to go through srt?

The same way you get outgoing traffic to use any other interface.  I
typically do it by establishing a route out the srt interface,
something like

	ifconfig srt0 my.ad.dre.ss 10.255.255.254
	route add default 10.255.255.254
	...srtconfig commands to set up srt0...

(I usually use srt0 for my default route.  Change the route add as
appropriate.)

If I assume a setup like

	vlan0	10.0.0.2/24, upstream at 10.0.0.1
	vlan1	172.16.0.2/24, upstream at 172.16.0.1

with connections I initiate using the vlan0 address, then my first cut
would be something like

	...set up vlan0 and vlan1...
	ifconfig srt0 10.0.0.2 10.255.255.254
	route add default 10.255.255.254
	srtconfig srt0 set 0 10.0.0.0/24 vlan0 10.0.0.1
	srtconfig srt0 set 1 172.16.0.0/24 vlan1 172.16.0.1

The choice of 10.0.0.2 as the srt0 address is because connections this
host initiates will, at least in my experience, use the primary address
of the interface the default route points out as their address, and I
assumed host-initiated connections should use the vlan0 address.

If vlan0 and/or vlan1 use(s) DHCP for addressing, I'd use the hooks
provided by dhclient-script to prevent DHCP from actually installing a
default route in the kernel.

I don't recall whether I ever made srt handle IPv6.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
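
An added example, not part of the original message or of NetBSD's own scripts: one way to write the dhclient-script hook mentioned above so that leases on vlan0 and vlan1 never replace the default route pointing out srt0. It assumes dhclient-script sources /etc/dhclient-enter-hooks before acting and takes the routers to install and remove from `$new_routers` and `$old_routers`; the `srt_*` names and `SRT_MANAGED_IFS` are hypothetical.

```sh
# /etc/dhclient-enter-hooks (sourced by dhclient-script before it acts).
# Added example. Assumption: dhclient-script adds the default route from
# $new_routers and deletes the previous one using $old_routers.

# Interfaces whose DHCP-supplied routers must not become the kernel
# default route, because the default route points out srt0.
# Interface names are the ones from the setup in the message.
SRT_MANAGED_IFS="${SRT_MANAGED_IFS:-vlan0 vlan1}"

# Return 0 if the interface named in $1 is in SRT_MANAGED_IFS.
srt_is_managed() {
	for _srt_if in $SRT_MANAGED_IFS; do
		if [ "$_srt_if" = "$1" ]; then
			return 0
		fi
	done
	return 1
}

# For a managed interface, hide the routers from the rest of
# dhclient-script so it neither installs a new default route nor
# deletes the existing one. Other interfaces are left alone.
srt_strip_default_route() {
	srt_is_managed "$1" || return 0
	# Keep the first offered router so the matching srtconfig entry
	# can be checked against it later (by hand or from an exit hook).
	srt_offered_router="${new_routers:-}"
	srt_offered_router="${srt_offered_router%% *}"
	unset new_routers old_routers
}

# dhclient-script sets $interface before sourcing this file.
if [ -n "${interface:-}" ]; then
	srt_strip_default_route "$interface"
fi
```

If the upstream address handed out by DHCP changes, the next-hop in the corresponding `srtconfig srt0 set` entry still has to be updated separately; this hook only keeps the kernel default route untouched.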

