Date:	Tue, 10 Oct 2006 15:12:01 -0500
From:	Luke -Jr <luke@...hjr.org>
To:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: IP routing with fwmark

Having trouble getting my routing rules to work. Basically, I just want to 
lock a connection to use a single network interface. The common and only 
method (compatible with IP forwarding) seems to be using CONNMARK to keep 
track of the interface each connection is assigned to.
However, for some reason, it appears the Linux IP routing table is not 
correctly processing the fwmark rules:
12:     from all fwmark 0xa lookup inet_sbc
Both inet_sbc and main tables have a default route set. If I prepend "prohibit 
default" into *either* of the tables (main or inet_sbc), the packet is 
dropped. Since a packet only has a single route, this suggests that Linux is 
doing two routing lookups, and only processing the fwmark rules in the first 
one (which, if not an error, is ignored and overridden by the later lookup).

Any other possibilities, suggestions, ideas, or fixes? Or should I post more 
details?

Thanks,

Luke-Jr (CC replies please)