[uClibc] Offtopic: questions about restore linux route tables
Oleg Girko
ol at infoserver.ru
Tue Jul 5 06:39:43 MDT 2005

Hello! Excuse me for answering the offtopic question, but probably, it may be
interesting to someone else.

On Monday 04 July 2005 12:23, Zhuang Yuyao wrote:
> The question is: Is it possible to keep the route even if the interface is
> unavailable until the user EXPLICITLY deletes it, just as iptables does?

There is a big difference between the routing table and iptables. Each element
of the routing table has an internal interface index inside. It is used by the
kernel to determine which interface to use for an outgoing packet. The
interface index is just an index in the kernel interface table which is used to
find the interface. You can rename an interface, but the index will remain the
same, and the routing table will remain correct. But if an interface goes away,
its interface index becomes invalid, and routes which reference this index must
be deleted. The kernel takes care of this automatically.

On the other hand, iptables entries do not store an interface index. Instead,
they store a textual interface name pattern. There can be a different number of
interfaces which match this pattern. You can write “eth0” as a pattern, which
matches exactly the “eth0” name, but you can also write “eth+”, which matches
all interfaces with names starting with “eth”, or even “e+”, which matches all
interfaces with names starting with “e”. When you create or rename
interfaces, nothing changes in the iptables internal structure. All interface
name matching happens when a packet arrives.

So, the formal answer to your question is: no, it's impossible.

> Or, is there an elegant way to solve such a problem?

Yes, of course. Just don't use the kernel to store system configuration; store
it in another place. Working on the Stratum firewall (http://www.stratum.lv/), I
came to the following solution: all current state is managed by a configuration
server, which is started on system boot. The web interface and command-line
interface do not change system state directly. Instead, they send commands to
the configuration server using a simple RPC protocol. The configuration server
has a high-level view of system state. It commits changes to the kernel using
system calls when the user changes the current configuration.

-- Oleg Girko, http://www.infoserver.ru/~ol/
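
An added illustration, not part of the original message and not Stratum's code: a toy Python model of the behaviour described in the message, with routes keyed by interface index, iptables-style rules keyed by name pattern, and a configuration server that re-commits desired routes by interface name. All class and function names and the sample route are assumptions made for this example.

```python
import itertools

def iface_match(pattern, name):
    """iptables-style interface match: trailing "+" means prefix, else exact."""
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return name == pattern

class Kernel:
    """Toy model of the kernel state described above (not real kernel code)."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.ifaces = {}   # ifindex -> interface name
        self.routes = []   # (destination, ifindex)
        self.rules = []    # (interface name pattern, verdict)
    def add_iface(self, name):
        idx = next(self._ids)   # a re-created interface gets a fresh index
        self.ifaces[idx] = name
        return idx
    def del_iface(self, idx):
        del self.ifaces[idx]
        # Routes that reference the vanished index are purged automatically.
        self.routes = [r for r in self.routes if r[1] != idx]
    def verdict(self, ifname):
        # Patterns are compared per packet, against the name that exists now.
        return next((v for p, v in self.rules if iface_match(p, ifname)), "ACCEPT")

class ConfigServer:
    """Holds desired routes by interface name and commits them to the kernel."""
    def __init__(self, kernel, desired):
        self.kernel, self.desired = kernel, desired   # desired: (dst, ifname)
    def sync(self):
        by_name = {name: idx for idx, name in self.kernel.ifaces.items()}
        for dst, ifname in self.desired:
            idx = by_name.get(ifname)
            if idx is not None and (dst, idx) not in self.kernel.routes:
                self.kernel.routes.append((dst, idx))

def demo():
    k = Kernel()
    k.rules.append(("ppp+", "DROP"))
    cfg = ConfigServer(k, [("10.0.0.0/8", "ppp0")])   # constructed sample route
    old = k.add_iface("ppp0")
    cfg.sync()
    k.del_iface(old)          # link goes down: the kernel drops the route
    purged = list(k.routes)
    k.add_iface("ppp0")       # link returns under a new ifindex
    cfg.sync()
    return purged, k.routes, k.verdict("ppp0")
```

In the model, the filter rule keeps applying across the interface's removal and return without any action, while the route exists again only because the configuration server re-commits it against the new index.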