On Fri, Aug 09, 2024 at 11:15:34AM +0200, Alexander Bluhm wrote:
> On Fri, Aug 09, 2024 at 10:40:11AM +1000, David Gwynne wrote:
> > tl;dr: i believe this change would let us simplify pf_route (the
> > loopback ip handling specifically), so it's worth it.
> 
> In contrast I have worked on all the corner cases in 15 years to
> make it work.  Maybe not the best solution, but it works.  I fear
> that at our customers somethig will break if we change behavior
> just because we think it looks better.

This is not only about looks. ICMP source selection is a massive pain
point on DFZ routers and we need to fix this. Reducing the amount of
corners to cover would be very benefitial.

> In this particular case I think using the first addreess as source
> address is wrong.  IPv4 source address selection should be done
> with a route lookup.  Basically what in_pcbselsrc() does.  And using
> the route interface address seems reasonable to me.

To be honest I think it should not matter which IP is selected in the IPv4
case. All adresses on the interface can be used to send out an ICMP error.
Now I do agree that using the same logic as in in_pcbselsrc() would benefit
consitancy.

-- 
:wq Claudio