is this the zillionth mail asking for this detail?

Jozsef Kadlecsik kadlec at blackhole.kfki.hu
Thu Jul 21 16:02:03 CEST 2005


On Thu, 21 Jul 2005, [ISO-8859-1] Jörg Harmuth wrote:

> >>>local process -> routing -> OUTPUT chain -> routing -> POSTROUTING chain
> >>>
> >>>No problem with policy routing for the locally generated traffic.
> >>
> >>This sounds like a total overhead calculating the route twice.
> >
> > The first one is required to fill out output device for the packet. The
> > second one is there to give chance to play with routing in OUTPUT.
>
> Still only 95% clear to me. You say, the second routing decision takes
> place right after filter/OUTPUT ? And if so, do packets after
> filter/FORWARD have this second routing decision too ?

No, that's the forward path.

But for the record: for locally generated packets the routing engine is
called after OUTPUT only if source address, destination address, nfmark
field or tos of the skbuff changed. So it's not called blindly for every
packet.

Best regards,
Jozsef
-
E-mail  : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary



More information about the netfilter mailing list