[uClibc] Offtopic: questions about restore linux route tables

Oleg Girko ol at infoserver.ru
Tue Jul 5 06:39:43 MDT 2005


Hello! Excuse me for answering the offtopic question, but probably, it may be 
interesting to someone else.

On Monday 04 July 2005 12:23, Zhuang Yuyao wrote:

> The question is: Is it possible to keep the route even if the interface is
> unavailable until user EXPLICITLY deleted it? just as the iptables doing.

There is a big difference between routing table and iptables. Each element of 
routing table has internal interface index inside. It is used by the kernel 
to determine which interface to use for outgoing packet. Interface index is 
just an index in kernel interface table which is used to find interface. You 
can rename interface, but the index will remain the same, and routing table 
will remain correct. But if interface goes away, interface index becomes 
invalid, and routes which reference this index must be deleted. Kernel takes 
care of this automatically.

On the other hand, iptables entries do not store interface index. Instead they 
store textual interface name pattern. There can be different number of 
interfaces which match this pattern. You can write “eth0” as pattern, which 
matches exactly “eth0” name, but you can also write “eth+”, which matches all 
interfaces with names starting with “eth”, or even “e+”, which matches all 
interfaces with names starting with “e”. When you create or rename 
interfaces, nothing changes in iptables internal structure. All interface 
name matching happens when packet arrives.

So, formal answer to your question is: no, it's impossible.

> Or, is there an elegant way to solve such a problem.

Yes, of course. Just don't use kernel to store system configuration, store it 
in another place. Working on Stratum firewall (http://www.stratum.lv/), I 
came to the following solution: all current state is managed by configuration 
server, which is started on system boot. Web interface and command-line 
interface do not change system state directly. Instead, they send commands to 
configuration server using simple RPC protocol. Configuration server has 
high-level view of system state. It commits changes to kernel using system 
calls when user changes current configuration.

-- Oleg Girko, http://www.infoserver.ru/~ol/
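
Added example, not part of the original message and not Stratum code: a toy Python model of the behaviour described above, where routes hold an interface index, filter rules hold a name pattern resolved per packet, and a configuration server keeps the desired routes outside the kernel and recommits them. All class and function names are hypothetical, and the default "ACCEPT" verdict is an assumption of the model.

```python
# Added illustration: a toy model, not kernel code. All names are hypothetical.
import itertools

def iface_match(pattern, name):
    """iptables-style interface match: a trailing '+' means 'any name with this prefix'."""
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return pattern == name

class Kernel:
    """Routes reference an interface index; filter rules reference a name pattern."""
    def __init__(self):
        self._next = itertools.count(1)
        self.ifaces = {}    # ifindex -> current name
        self.routes = []    # (destination, ifindex)
        self.rules = []     # (name pattern, verdict), evaluated per packet

    def add_iface(self, name):
        idx = next(self._next)      # a re-created interface gets a fresh index
        self.ifaces[idx] = name
        return idx

    def del_iface(self, idx):
        del self.ifaces[idx]
        # The index is now invalid, so every route that references it is dropped.
        self.routes = [r for r in self.routes if r[1] != idx]

    def rename(self, idx, new_name):
        self.ifaces[idx] = new_name  # routes are untouched: they hold the index

    def verdict(self, in_idx):
        name = self.ifaces[in_idx]   # the name is resolved when the packet arrives
        return next((v for p, v in self.rules if iface_match(p, name)), "ACCEPT")

class ConfigServer:
    """Desired state lives outside the kernel, keyed by interface name."""
    def __init__(self, kernel):
        self.kernel = kernel
        self.desired = []            # (destination, interface name)

    def add_route(self, dest, ifname):
        self.desired.append((dest, ifname))
        self.commit()

    def commit(self):
        """Install every desired route whose interface currently exists."""
        by_name = {n: i for i, n in self.kernel.ifaces.items()}
        for dest, ifname in self.desired:
            route = (dest, by_name.get(ifname))
            if route[1] is not None and route not in self.kernel.routes:
                self.kernel.routes.append(route)
```

In this model, deleting and re-creating "ppp0" empties the route list until `commit()` runs again, while a "ppp+" rule keeps matching the new interface without any change; renaming the interface keeps the route but takes it out of the rule's match.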

