lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4561DCB3.9020706@plessis.info>
Date:	Mon, 20 Nov 2006 17:49:55 +0100
From:	Benoit Plessis <benoit@...ssis.info>
To:	linux-kernel@...r.kernel.org
Subject: Strange network routing behaviour when routing locally generated
 packets

[1.] One line summary of the problem:

Strange network routing behaviour when routing locally generated packets

[2.] Full description of the problem/report:

I  encountered two linked weird behavior of the network paquet routing 
process
when used in conjonction with iptables' MARK-ing capabilities.

First it's impossible for a local process to send packets to a 
destination that is not
available appart from a routing table selected by a 'ip rule add fwmark'.
ping process reply 'Network Unreachable' for example.

I must say that all does not occur when routing packet generated from 
another computer.

And second, which is somehow related, if there is an available route 
entry for a destination
that will be MARK'ed by iptables and then routed using a special routing 
table the
source ip address for the packet will be the source generated from the 
first route entry
even if the second entry specify another output device and source ip.


[3.] Keywords (i.e., modules, networking, kernel):

networking, advenced routing, iptables, local process

[4.] Kernel version (from /proc/version):
Linux version 2.4.27-3-686-smp (pbuilder@...60-g3) (gcc version 3.3.5 
(Debian 1:3.3.5-13)) #1 SMP Thu Sep 14 07:44:00 UTC 2006
Linux version 2.6.17-2-686 (Debian 2.6.17-9) (waldi@...ian.org) (gcc 
version 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)) #1 SMP Wed Sep 13 
16:34:10 UTC 2006

[5.] Most recent kernel version which did not have the bug:
none known
[6.] Output of Oops.. message (if applicable) with symbolic information
     resolved (see Documentation/oops-tracing.txt)
[7.] A small shell script or example program which triggers the
     problem (if possible)

# ip route show table 200
192.168.2.0/24 via 192.168.1.65 dev eth0 src 192.168.1.1
0:      from all lookup local
32765:  from all fwmark 0x1 lookup 200
32766:  from all lookup main
32767:  from all lookup default

# ip route show
172.31.254.0/28 dev eth1  proto kernel  scope link  src 172.31.254.2
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
172.24.16.0/21 dev eth0  proto kernel  scope link  src 172.24.16.1

# iptables -t mangle -A OUTPUT --dest 192.168.2.0/24 -j MARK --set-mark 1

# ping 192.168.2.65
connect: Network is unreachable

# ip route add default via 172.31.254.1 dev eth1
# ping 192.168.2.65
PING 192.168.2.65 (192.168.2.65) 56(84) bytes of data.

--- 192.168.2.65 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

at this point using a tcpdump icmp on host 192.168.1.65 show the following:

17:19:10.409085 IP 172.31.254.2 > 192.168.2.65: ICMP echo request, id 
18957, seq 1, length 64

in other term the packet was correctly send to the wanted gateway but 
using wrong
source ip address ( ip address derived from the default rule)

[8.] Environment
[8.1.] Software (add the output of the ver_linux script here)

Linux fw1-bzr-lt1 2.6.17-2-686 #1 SMP Wed Sep 13 16:34:10 UTC 2006 i686 
GNU/Linux
 
Gnu C                  18:
/root/ver_linux: line 24: ld: command not found
util-linux             2.12r
mount                  2.12r
module-init-tools      3.2.2
e2fsprogs              1.39
Linux C Library        2.3.6
Dynamic linker (ldd)   2.3.6
Procps                 3.2.7
Net-tools              1.60
Console-tools          0.2.3
Sh-utils               5.97
udev                   100
Modules Loaded         iptable_nat ip_nat ip_conntrack nfnetlink 
xt_tcpudp iptable_mangle xt_MARK iptable_filter ip_tables x_tables tun 
ipv6 deflate zlib_deflate twofish serpent aes blowfish des sha256 sha1 
crypto_null af_key dm_snapshot dm_mirror dm_mod mousedev usbkbd usbcore 
intel_agp agpgart psmouse sg i2c_i801 i82875p_edac edac_mc i2c_core 
serio_raw shpchp pci_hotplug evdev sr_mod 8250_pnp cdrom rtc floppy 
pcspkr ext3 jbd mbcache sd_mod ata_piix libata scsi_mod generic ide_core 
e1000 thermal processor fan

[8.2.] Processor information (from /proc/cpuinfo):
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 15
model           : 3
model name      : Intel(R) Pentium(R) 4 CPU 2.80GHz
stepping        : 4
cpu MHz         : 2800.697
cache size      : 1024 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 5
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge 
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe 
constant_tsc up pni monitor ds_cpl cid xtpr
bogomips        : 5606.20

[8.3.] Module information (from /proc/modules):
iptable_nat 6980 0 - Live 0xf0bf5000
ip_nat 16748 1 iptable_nat, Live 0xf0bef000
ip_conntrack 48320 2 iptable_nat,ip_nat, Live 0xf0bf9000
nfnetlink 6552 2 ip_nat,ip_conntrack, Live 0xf0ba4000
xt_tcpudp 3104 1 - Live 0xf0be1000
iptable_mangle 2848 1 - Live 0xf0bdf000
xt_MARK 2432 2 - Live 0xf0ba9000
iptable_filter 3072 0 - Live 0xf0ba7000
ip_tables 12932 3 iptable_nat,iptable_mangle,iptable_filter, Live 0xf0bda000
x_tables 13252 4 iptable_nat,xt_tcpudp,xt_MARK,ip_tables, Live 0xf0bc9000
tun 10208 1 - Live 0xf0bc5000
ipv6 222304 26 - Live 0xf0c1d000
deflate 3808 0 - Live 0xf09c4000
zlib_deflate 18552 1 deflate, Live 0xf0bbf000
twofish 42880 0 - Live 0xf0bce000
serpent 19232 0 - Live 0xf0bb9000
aes 28160 0 - Live 0xf0bb1000
blowfish 9312 0 - Live 0xf0b7a000
des 17376 0 - Live 0xf0bab000
sha256 11040 0 - Live 0xf0b66000
sha1 2624 0 - Live 0xf09c6000
crypto_null 2624 0 - Live 0xf08be000
af_key 31568 2 - Live 0xf0b9b000
dm_snapshot 16032 0 - Live 0xf0b5c000
dm_mirror 18928 0 - Live 0xf097d000
dm_mod 50424 2 dm_snapshot,dm_mirror, Live 0xf0b6c000
mousedev 10788 0 - Live 0xf09c0000
usbkbd 6784 0 - Live 0xf0814000
usbcore 111616 1 usbkbd, Live 0xf0b7e000
intel_agp 21116 0 - Live 0xf09d3000
agpgart 29864 1 intel_agp, Live 0xf09ca000
psmouse 34600 0 - Live 0xf09ac000
sg 30972 0 - Live 0xf09b7000
i2c_i801 8236 0 - Live 0xf09a8000
i82875p_edac 6244 0 - Live 0xf087d000
edac_mc 12964 1 i82875p_edac, Live 0xf0983000
i2c_core 19552 1 i2c_i801, Live 0xf083c000
serio_raw 6596 0 - Live 0xf084c000
shpchp 34272 0 - Live 0xf0961000
pci_hotplug 27196 1 shpchp, Live 0xf0975000
evdev 9088 0 - Live 0xf0879000
sr_mod 15876 0 - Live 0xf0847000
8250_pnp 8704 0 - Live 0xf0834000
cdrom 32448 1 sr_mod, Live 0xf096c000
rtc 12340 0 - Live 0xf0842000
floppy 54276 0 - Live 0xf08ef000
pcspkr 3040 0 - Live 0xf0802000
ext3 118568 7 - Live 0xf0921000
jbd 50292 1 ext3, Live 0xf08e1000
mbcache 8324 1 ext3, Live 0xf0838000
sd_mod 18592 9 - Live 0xf081d000
ata_piix 11556 8 - Live 0xf0830000
libata 61420 1 ata_piix, Live 0xf0869000
scsi_mod 123080 4 sg,sr_mod,sd_mod,libata, Live 0xf0988000
generic 4420 0 [permanent], Live 0xf081a000
ide_core 111016 1 generic, Live 0xf08a1000
e1000 100248 0 - Live 0xf084f000
thermal 12904 0 - Live 0xf082b000
processor 25512 1 thermal, Live 0xf0823000
fan 4516 0 - Live 0xf0817000

[8.4.] Loaded driver and hardware information (/proc/ioports, /proc/iomem)
[8.5.] PCI information ('lspci -vvv' as root)
[8.6.] SCSI information (from /proc/scsi/scsi)
[8.7.] Other information that might be relevant to the problem
       (please look in /proc and include all information that you
       think to be relevant):
All this has been tested on a bunch of distro/kernels with allways the 
same result.

Regardsn

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ