Date:	Fri, 2 Aug 2013 12:15:03 +0200
From:	Teco Boot <teco@...-net.nl>
To:	netdev@...r.kernel.org
Cc:	boutier@....univ-paris-diderot.fr
Subject: Linux IPV6_SUBTREES not functioning

For destination & source address routing, I prefer the single routing table approach with IPV6_SUBTREES over the multiple tables with ip rules approach.
Can someone take a look at my findings? It looks broken. It seems the source address check in route cache is missing.

Teco


Output:
==========
this is my system:
Linux ubuntu 3.8.0-25-generic #37-Ubuntu SMP Thu Jun 6 20:47:30 UTC 2013 i686 i686 i686 GNU/Linux
CONFIG_IPV6_SUBTREES=y
... clean up for our experiment
... add a link-local
... add default
... add some source address specific defaults
====> now I have this routing table
default from 2001:db8:10::/48 via fe80::10 dev eth0  metric 1024 
default from 2001:db8:11::/48 via fe80::11 dev eth0  metric 1024 
default from 2001:db8:12::/48 via fe80::12 dev eth0  metric 1024 
fe80::1 dev eth0  proto kernel  metric 256 
default via fe80::ff dev eth0  metric 1024 
====> show route to same destination
2001:db8:babe::1 from 2001:db8:10::1 via fe80::10 dev eth0  metric 0 \    cache 
2001:db8:babe::1 from 2001:db8:11::1 via fe80::ff dev eth0  metric 0 \    cache 
2001:db8:babe::1 from 2001:db8:12::1 via fe80::ff dev eth0  metric 0 \    cache 
2001:db8:babe::1 from 2001:db8:1::1 via fe80::ff dev eth0  metric 0 \    cache 
2001:db8:babe::1 from :: via fe80::ff dev eth0  metric 0 \    cache 
====> show route to different destinations
2001:db8:cafe::10 from 2001:db8:10::1 via fe80::10 dev eth0  metric 0 \    cache 
2001:db8:cafe::11 from 2001:db8:11::1 via fe80::11 dev eth0  metric 0 \    cache 
2001:db8:cafe::12 from 2001:db8:12::1 via fe80::12 dev eth0  metric 0 \    cache 
2001:db8:cafe::21 from 2001:db8:1::1 via fe80::ff dev eth0  metric 0 \    cache 
2001:db8:cafe::22 from :: via fe80::ff dev eth0  metric 0 \    cache 
====> now the route cache is
2001:db8:babe::1 from 2001:db8:10::/48 via fe80::10 dev eth0  metric 0 \    cache 
2001:db8:babe::1 via fe80::ff dev eth0  metric 0 \    cache 
2001:db8:cafe::10 from 2001:db8:10::/48 via fe80::10 dev eth0  metric 0 \    cache 
2001:db8:cafe::11 from 2001:db8:11::/48 via fe80::11 dev eth0  metric 0 \    cache 
2001:db8:cafe::12 from 2001:db8:12::/48 via fe80::12 dev eth0  metric 0 \    cache 
2001:db8:cafe::21 via fe80::ff dev eth0  metric 0 \    cache 
2001:db8:cafe::22 via fe80::ff dev eth0  metric 0 \    cache 
 


My script:
=======
#!/bin/sh

echo "this is my system:" 
uname -a
grep IPV6_SUBTREES /boot/config-3.8.0-25-generic

echo ... clean up for our experiment
ip -6 address flush dev eth0
ip -6 route flush table all

echo ... add a link-local
ip address add fe80::1 dev eth0

echo ... add default
ip -6 route add default via fe80::ff dev eth0

echo ... add some source address specific defaults
ip -6 route add default from 2001:db8:10::/48 via fe80::10 dev eth0
ip -6 route add default from 2001:db8:11::/48 via fe80::11 dev eth0
ip -6 route add default from 2001:db8:12::/48 via fe80::12 dev eth0

echo -n "====> "
echo now I have this routing table
ip -6 -o route show table main

echo -n "====> "
echo show route to same destination
ip -6 -o route get 2001:db8:babe::1 from 2001:db8:10::1
ip -6 -o route get 2001:db8:babe::1 from 2001:db8:11::1
ip -6 -o route get 2001:db8:babe::1 from 2001:db8:12::1
ip -6 -o route get 2001:db8:babe::1 from 2001:db8:1::1
ip -6 -o route get 2001:db8:babe::1

echo -n "====> "
echo show route to different destinations
ip -6 -o route get 2001:db8:cafe::10 from 2001:db8:10::1
ip -6 -o route get 2001:db8:cafe::11 from 2001:db8:11::1
ip -6 -o route get 2001:db8:cafe::12 from 2001:db8:12::1
ip -6 -o route get 2001:db8:cafe::21 from 2001:db8:1::1
ip -6 -o route get 2001:db8:cafe::22
echo -n "====> "
echo now the route cache is
ip -6 -o route show cache
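
Added example, not part of the original message: a Python check that compares each "route get" result from the output above with the next hop the source-specific routing table would be expected to give. The selection rule in expected_via() (longest destination match, then longest source match) is an assumption about the intended IPV6_SUBTREES behaviour, and all function names are hypothetical.

```python
import ipaddress
# Routing table and "same destination" lookups copied from the post's output.
ROUTES = """
default from 2001:db8:10::/48 via fe80::10 dev eth0  metric 1024
default from 2001:db8:11::/48 via fe80::11 dev eth0  metric 1024
default from 2001:db8:12::/48 via fe80::12 dev eth0  metric 1024
fe80::1 dev eth0  proto kernel  metric 256
default via fe80::ff dev eth0  metric 1024
"""
LOOKUPS = r"""
2001:db8:babe::1 from 2001:db8:10::1 via fe80::10 dev eth0  metric 0 \    cache
2001:db8:babe::1 from 2001:db8:11::1 via fe80::ff dev eth0  metric 0 \    cache
2001:db8:babe::1 from 2001:db8:12::1 via fe80::ff dev eth0  metric 0 \    cache
2001:db8:babe::1 from 2001:db8:1::1 via fe80::ff dev eth0  metric 0 \    cache
2001:db8:babe::1 from :: via fe80::ff dev eth0  metric 0 \    cache
"""

def field(tokens, key, default=None):  # token following `key`, if present
    return tokens[tokens.index(key) + 1] if key in tokens else default

def parse_routes(text):
    """Parse `ip -6 -o route show` lines into (dst_net, src_net, via) tuples."""
    out = []
    for t in (line.split() for line in text.strip().splitlines()):
        dst = "::/0" if t[0] == "default" else t[0]
        out.append((ipaddress.ip_network(dst),
                    ipaddress.ip_network(field(t, "from", "::/0")), field(t, "via")))
    return out

def expected_via(routes, dst, src):
    """Assumed rule: longest destination match, then longest source match."""
    dst, src = ipaddress.ip_address(dst), ipaddress.ip_address(src)
    hits = [r for r in routes if dst in r[0] and src in r[1]]
    best = max(hits, key=lambda r: (r[0].prefixlen, r[1].prefixlen), default=None)
    return best[2] if best else None

def find_mismatches(routes_text, lookups_text):
    """Return (src, expected, observed) for lookups whose next hop is unexpected."""
    routes, bad = parse_routes(routes_text), []
    for t in (line.split() for line in lookups_text.strip().splitlines()):
        src, seen = field(t, "from", "::"), field(t, "via")
        want = expected_via(routes, t[0], src)
        if want != seen:
            bad.append((src, want, seen))
    return bad

if __name__ == "__main__":
    for row in find_mismatches(ROUTES, LOOKUPS):
        print("from %s: expected via %s, observed via %s" % row)
```

To use it on a live system, replace ROUTES and LOOKUPS with the output of the script's "ip -6 -o route show table main" and "ip -6 -o route get" commands.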


