also sprach tony mancill <tmanc...@debian.org> [2009.12.08.0444 +0100]:
> This seems like a reasonable approach. The entry in the rt_tables file
> (/etc/iproute2/rt_tables in the Debian package of iproute) is only
> needed if we want to refer to the routing table by a name, although I
> suppose it does serve a purpose similar to /etc/services in reserving a
> table number. However, iodine could also simply find an empty table by
> starting with $table=1 and incrementing $table until "ip route list
> table $table" is empty.

Sure, that might work, but the admin should be able to label the table,
and ideally, this was regulated by policy. ;)

> So to reiterate (to ensure that I understand), iodine takes the
> existing default route and adds a host route to the iodine server
> via that route to a newly created routing table (which the
> iodine client can determine dynamically). Then mark outgoing
> packets to the iodine server so that the policy rule shuttles them
> through the dynamically created routing table. When the client
> shuts down, it simply removes the marking rule and deletes the
> dynamically created routing table.
>
> Is that the gist of it?

Yes.

-- 
 .''`.   martin f. krafft <madd...@d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
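The client-side procedure summarised in the quoted message (empty-table search, host route to the tunnel server in that table, mark rule, policy rule, teardown), as an added shell example that is not part of this thread or of iodine's own code. The function names are hypothetical, the "mark outgoing packets" step is assumed to use an iptables mangle OUTPUT rule, and all addresses in the comments are constructed.

```shell
#!/bin/sh
# Policy-routing helper for a tunnel client, following the steps in the
# thread: pick an empty routing table, give it a host route to the tunnel
# server via the pre-tunnel default gateway, mark packets to that server
# and send marked packets through the table; undo all of it on shutdown.
# IP/IPT can be overridden so the logic is testable with stub commands.
IP=${IP:-ip}
IPT=${IPT:-iptables}

# Lowest table number (1..252, below the reserved tables) for which
# "ip route list table N" prints nothing; fails if none is free.
find_free_table() {
    t=1
    while [ -n "$($IP route list table "$t" 2>/dev/null)" ]; do
        t=$((t + 1))
        [ "$t" -lt 253 ] || return 1
    done
    echo "$t"
}

# Turn a default-route line ("default via 192.0.2.1 dev eth0 proto dhcp",
# as printed by "ip route show default") into "GATEWAY DEVICE"; a
# point-to-point default route without "via" yields "-" as the gateway.
parse_default_route() {
    echo "$1" | awk '{ for (i = 1; i <= NF; i++) {
                         if ($i == "via") gw = $(i + 1)
                         if ($i == "dev") dev = $(i + 1) }
                       if (gw == "") gw = "-"; print gw, dev }'
}

# Bring up: host route in $table, mark rule (iptables mangle OUTPUT, an
# assumption of this example), policy rule routing marked packets by $table.
tunnel_route_up() {
    server=$1; table=$2; gw=$3; dev=$4; mark=$5
    via=""
    if [ -n "$gw" ] && [ "$gw" != "-" ]; then via="via $gw"; fi
    # $via stays unquoted so a missing gateway adds no "via" argument
    $IP route add "$server/32" $via dev "$dev" table "$table"
    $IPT -t mangle -A OUTPUT -d "$server" -j MARK --set-mark "$mark"
    $IP rule add fwmark "$mark" table "$table"
}

# Tear down in reverse order and leave the table empty for the next run.
tunnel_route_down() {
    server=$1; table=$2; mark=$3
    $IP rule del fwmark "$mark" table "$table"
    $IPT -t mangle -D OUTPUT -d "$server" -j MARK --set-mark "$mark"
    $IP route flush table "$table"
}
```

Run as root, e.g. `set -- $(parse_default_route "$(ip route show default)"); tunnel_route_up 198.51.100.7 "$(find_free_table)" "$1" "$2" 0x1`, and call `tunnel_route_down` with the same server, table and mark on shutdown.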