Re: npf and source routing

[Mouse <mouse%Rodents-Montreal.ORG@localhost>]

>> I've been using it routinely.  I'm not aware of anyone else who has
>> been,

> I do, it is used for IPv6 routing on munnari to deal with ingress
> filtering in the two (different) v6 networks that munnari is
> connected to.

Cool, so (a) it's being useful, and (b) it's being at least mostly
protected against bitrot.

> My config is different than yours, I don't bother giving the srt
> interface an address (except a v6 LL addr) ... it all seems to work
> just fine.

I give it an address only for the sake of being able to point a route
destination out it.  How do you arrange to get packets sent out it in
your config?  A route pointing to a LL address?  ipf?  Something else?

Hm, that's odd; I'm not seeing a v6 LL address on my srt0, and that
machine is my main house router, so it definitely has v6 turned on.
Maybe a version difference, maybe I broke something else...someday
maybe I should investigate, but at the moment I'm inclined to not
meddle with something that's not actively broken.

> Is there a reason you use "srtconfig srt0 set" instead of "add" ?

No, not really, possibly excepting idempotency - if you use set, you
can repeat those setup commands without any harm, whereas if you use
add for your setup commands, repeating them won't eliminate the
(possibly incorrect) old configuration and will lead to ballooning the
config unnecessarily.  (Whether this matters, of course, depends on
whether that's an important use case.)

Oh, one note I also forgot to mention: if the configuration settings
are mutually exclusive (which they were in my example - no packet can
match both config entries), so that relative order doesn't matter for
correctness, then for the sake of performance you might want to make
sure the commoner ones end up lower-numbered than the rarer ones.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B