sowmini.varadhan at sun.com wrote:
> See also: CR 4974435
>
> Maybe it's better to just let ipf do this, as Jim suggests in the CR?

ipf can do the strict_dst, but I don't think it can (easily) do the strict_src part, since that involves going back to the routing table and doing a lookup with the additional constraint that the resulting IRE should result in a particular ill being used.

AFAICT having both strict_dst and strict_src set does implement the strong-ES model, hence things would be less confusing.

And I suspect that strict_src, just like strict_dst, needs to not check anything for interfaces on which we are forwarding.

Erik
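
Added example, not part of the original message and not Solaris code: a simplified C model of the two checks discussed above, showing why strict_dst is a per-packet test while strict_src needs a route lookup constrained to one interface. The structures, addresses, routes and function names are constructed for illustration, and the forwarding exemption is this sketch's reading of the suggestion in the message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model: one address per interface ("ill"). */
struct ill   { uint32_t addr; bool forwarding; };
struct route { uint32_t prefix, mask; int ill; };  /* stands in for an IRE */

/* Constructed sample configuration. */
static struct ill ills[] = {
    { 0x0A000001, false },           /* ill 0: 10.0.0.1    */
    { 0xC0A80101, false },           /* ill 1: 192.168.1.1 */
};
static const struct route routes[] = {
    { 0x00000000, 0x00000000, 0 },   /* default via ill 0        */
    { 0xC0A80100, 0xFFFFFF00, 1 },   /* 192.168.1.0/24 via ill 1 */
    { 0x00000000, 0x00000000, 1 },   /* default via ill 1        */
};
#define NILLS   (sizeof ills / sizeof ills[0])
#define NROUTES (sizeof routes / sizeof routes[0])

/* Index of the interface that owns addr, or -1 if addr is not local. */
static int owner_of(uint32_t addr) {
    for (size_t i = 0; i < NILLS; i++)
        if (ills[i].addr == addr) return (int)i;
    return -1;
}

/* strict_dst: accept a local destination only on the interface that owns
 * it. Assumption: no check on an interface that is forwarding. */
bool accept_inbound(int in, uint32_t dst, bool strict_dst) {
    int owner = owner_of(dst);
    if (owner < 0) return false;                 /* not addressed to us */
    if (!strict_dst || ills[in].forwarding) return true;
    return owner == in;
}

/* strict_src: longest-prefix match restricted to routes that leave through
 * the interface owning src. Returns a route index, or -1 if none fits. */
int route_lookup(uint32_t dst, uint32_t src, bool strict_src) {
    int owner = strict_src ? owner_of(src) : -1;
    if (owner >= 0 && ills[owner].forwarding) owner = -1;  /* assumption */
    int best = -1;
    for (size_t i = 0; i < NROUTES; i++) {
        if ((dst & routes[i].mask) != routes[i].prefix) continue;
        if (owner >= 0 && routes[i].ill != owner) continue;
        if (best < 0 || routes[i].mask > routes[best].mask) best = (int)i;
    }
    return best;
}
```

The inbound check only compares the arrival interface with the address owner, which a packet filter can express; the outbound check changes which route wins, which is why it has to live in the routing lookup.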