Message-ID: <4B54D192.5050503@gmail.com>
Date:	Mon, 18 Jan 2010 13:24:34 -0800
From:	Dyadya Skrudzh <gorshkov@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: Policy-routing of locally originated traffic?

Hello.

Short version: Is it possible?

Long question: read on!

I'm trying to do something weird here. There's dynamips running on my F11 box
(kernel 2.6.30.10-105.fc11.i586) emulating a Cisco 7200 router with two
FastEthernets.

Interfaces are connected as:

f0/0 is attached to tap10 on Linux
f0/1 is attached to tap20 on Linux

IP addresses are:

tap10: 10.10.0.1/16
f0/0: 10.10.0.2/16
f0/1: 10.20.0.2/16
tap20: 10.20.0.1/16

Policy routing configured as:

[root@lab ~]# ip rule
0:      from all lookup local
32764:  from 10.20.0.1 to 10.10.0.0/16 lookup tap20
32765:  from 10.10.0.1 to 10.20.0.0/16 lookup tap10
32766:  from all lookup main
32767:  from all lookup default

[root@lab ~]# ip route show table tap10
default via 10.10.0.2 dev tap10

[root@lab ~]# ip route show table tap20
default via 10.20.0.2 dev tap20

Interfaces, Linux:

[root@lab ~]# ip addr show dev tap10
7: tap10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether 00:50:56:a7:5d:07 brd ff:ff:ff:ff:ff:ff
    inet 10.10.0.1/16 brd 10.10.255.255 scope global tap10
    inet6 fe80::250:56ff:fea7:5d07/64 scope link
       valid_lft forever preferred_lft forever

[root@lab ~]# ip addr show dev tap20
8: tap20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether 00:50:56:b7:5b:b2 brd ff:ff:ff:ff:ff:ff
    inet 10.20.0.1/16 brd 10.20.255.255 scope global tap20
    inet6 fe80::250:56ff:feb7:5bb2/64 scope link
       valid_lft forever preferred_lft forever

Interfaces, Cisco:

interface FastEthernet0/0
 ip address 10.10.0.2 255.255.0.0
 no ip proxy-arp
!
interface FastEthernet0/1
 ip address 10.20.0.2 255.255.0.0
 no ip proxy-arp

Here are the results I got:

[ next hop, OK ]

[root@lab ~]# ip route flush cache ; ping -c 3 -I 10.10.0.1 10.10.0.2 ; ip route show cache
PING 10.10.0.2 (10.10.0.2) from 10.10.0.1 : 56(84) bytes of data.
64 bytes from 10.10.0.2: icmp_seq=1 ttl=255 time=2.50 ms
64 bytes from 10.10.0.2: icmp_seq=2 ttl=255 time=1.89 ms
64 bytes from 10.10.0.2: icmp_seq=3 ttl=255 time=2.06 ms

--- 10.10.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.892/2.152/2.505/0.264 ms
10.10.0.2 from 10.10.0.1 dev tap10
    cache  mtu 1500 advmss 1460 hoplimit 64
local 10.10.0.1 from 10.10.0.2 dev lo  src 10.10.0.1
    cache <local,src-direct>  iif tap10

[ another interface on Cisco, OK ]

[root@lab ~]# ip route flush cache ; ping -c 3 -I 10.10.0.1 10.20.0.2 ; ip route show cache
PING 10.20.0.2 (10.20.0.2) from 10.10.0.1 : 56(84) bytes of data.
64 bytes from 10.20.0.2: icmp_seq=1 ttl=255 time=2.92 ms
64 bytes from 10.20.0.2: icmp_seq=2 ttl=255 time=2.05 ms
64 bytes from 10.20.0.2: icmp_seq=3 ttl=255 time=2.05 ms

--- 10.20.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 2.057/2.348/2.928/0.410 ms
10.20.0.2 from 10.10.0.1 via 10.10.0.2 dev tap10
    cache  mtu 1500 advmss 1460 hoplimit 64
local 10.10.0.1 from 10.20.0.2 dev lo  src 10.10.0.1
    cache <local>  iif tap10

[ tap10 -> tap20 interface through Cisco. Does not work; ping is OK but route is local ]

[root@lab ~]# ip route flush cache ; ping -c 3 -I 10.10.0.1 10.20.0.1 ; ip route show cache
PING 10.20.0.1 (10.20.0.1) from 10.10.0.1 : 56(84) bytes of data.
64 bytes from 10.20.0.1: icmp_seq=1 ttl=64 time=0.052 ms
64 bytes from 10.20.0.1: icmp_seq=2 ttl=64 time=0.022 ms
64 bytes from 10.20.0.1: icmp_seq=3 ttl=64 time=0.021 ms

--- 10.20.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.021/0.031/0.052/0.015 ms
local 10.20.0.1 from 10.10.0.1 dev lo
    cache <local>  mtu 16436 advmss 16396 hoplimit 64
local 10.10.0.1 from 10.20.0.1 dev lo
    cache <local>  ipid 0xe686 mtu 16436 advmss 16396 hoplimit 64

Is there any way I can make it work?

Thank you,
DS
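The three cache entries above are what the kernel's routing policy database (RPDB) produces for that rule set: rules are walked in ascending preference, and the first rule whose table holds a matching route wins. Rule 0 looks up the local table, and the local table holds host routes for every address configured on the box, so a packet from 10.10.0.1 to 10.20.0.1 is claimed by rule 0 before rules 32764/32765 are ever consulted, which is why the third ping is delivered over lo with ttl=64 instead of going out through the Cisco. The following is an added example, not code from the post or from the kernel: a small Python model of that lookup which reproduces the three results, then evaluates the same policy rules with the local-table lookup placed after them (still ahead of main) to show which ordering the post's intent needs. The contents of the "local" and "main" tables are assumed from the addresses shown (the post only prints tables tap10 and tap20); the reordered rule set is a hypothetical model and the example does not claim how, or whether, a given kernel lets you move rule 0.

```python
# Added example: a model of the Linux RPDB lookup (rules by preference, then
# longest-prefix match inside the selected table). Not kernel code and not the
# poster's code. The "local" and "main" tables are ASSUMED from the addresses in
# the post; tap10/tap20 are copied from it.
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4Net = ipaddress.IPv4Network
IPv4Addr = ipaddress.IPv4Address


@dataclass(frozen=True)
class Route:
    prefix: IPv4Net
    dev: str
    via: Optional[str] = None     # next hop; None for connected/local routes
    kind: str = "unicast"         # "unicast" or "local" (delivered via lo)


@dataclass(frozen=True)
class Rule:
    pref: int
    table: str
    src: Optional[IPv4Net] = None  # None means "from all"
    dst: Optional[IPv4Net] = None  # None means "to all"

    def matches(self, src: IPv4Addr, dst: IPv4Addr) -> bool:
        return (self.src is None or src in self.src) and \
               (self.dst is None or dst in self.dst)


def net(s: str) -> IPv4Net:
    return ipaddress.ip_network(s, strict=False)


def lookup_table(table: list, dst: IPv4Addr) -> Optional[Route]:
    """Longest-prefix match inside one table; None means no route here."""
    hits = [r for r in table if dst in r.prefix]
    return max(hits, key=lambda r: r.prefix.prefixlen, default=None)


def fib_lookup(rules: list, tables: dict, src: str, dst: str):
    """Walk rules by ascending preference; the first rule whose table holds a
    matching route decides. Returns (rule pref, table name, Route) or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.pref):
        if not rule.matches(s, d):
            continue
        route = lookup_table(tables.get(rule.table, []), d)
        if route is not None:
            return rule.pref, rule.table, route
    return None


TABLES = {
    # assumed: host routes the kernel installs for each configured address
    "local": [Route(net("10.10.0.1/32"), "tap10", kind="local"),
              Route(net("10.20.0.1/32"), "tap20", kind="local"),
              Route(net("127.0.0.0/8"), "lo", kind="local")],
    # assumed: connected routes for the two /16s
    "main": [Route(net("10.10.0.0/16"), "tap10"),
             Route(net("10.20.0.0/16"), "tap20")],
    # copied from the post
    "tap10": [Route(net("0.0.0.0/0"), "tap10", via="10.10.0.2")],
    "tap20": [Route(net("0.0.0.0/0"), "tap20", via="10.20.0.2")],
    "default": [],
}

# "ip rule" exactly as shown in the post.
RULES_AS_POSTED = [
    Rule(0, "local"),
    Rule(32764, "tap20", src=net("10.20.0.1/32"), dst=net("10.10.0.0/16")),
    Rule(32765, "tap10", src=net("10.10.0.1/32"), dst=net("10.20.0.0/16")),
    Rule(32766, "main"),
    Rule(32767, "default"),
]

# Hypothetical what-if (not a command from the post): the local-table lookup
# placed after the two policy rules but still before main, so that ordinary
# traffic to the box's own addresses stays local.
RULES_LOCAL_DEMOTED = [
    Rule(32764, "tap20", src=net("10.20.0.1/32"), dst=net("10.10.0.0/16")),
    Rule(32765, "tap10", src=net("10.10.0.1/32"), dst=net("10.20.0.0/16")),
    Rule(32766, "local"),
    Rule(32767, "main"),
    Rule(32768, "default"),
]


def describe(rules: list, src: str, dst: str) -> str:
    pref, table, r = fib_lookup(rules, TABLES, src, dst)
    if r.kind == "local":
        return f"rule {pref} -> table {table}: local, delivered via lo"
    hop = f"via {r.via} " if r.via else ""
    return f"rule {pref} -> table {table}: {hop}dev {r.dev}"


if __name__ == "__main__":
    for dst in ("10.10.0.2", "10.20.0.2", "10.20.0.1"):
        print(f"as posted     10.10.0.1 -> {dst}: "
              f"{describe(RULES_AS_POSTED, '10.10.0.1', dst)}")
    for src, dst in (("10.10.0.1", "10.20.0.1"), ("10.20.0.1", "10.10.0.1"),
                     ("10.10.0.1", "10.10.0.1")):
        print(f"local demoted {src} -> {dst}: "
              f"{describe(RULES_LOCAL_DEMOTED, src, dst)}")
```

With the rules as posted the model selects main for 10.10.0.2 (connected, dev tap10), table tap10 via 10.10.0.2 for 10.20.0.2, and the local table for 10.20.0.1, matching the three cache dumps. With the local lookup demoted, 10.10.0.1 -> 10.20.0.1 takes rule 32765 out through the Cisco and the reverse direction takes rule 32764, while 10.10.0.1 -> 10.10.0.1 still lands in the local table because neither policy rule matches it. The check a practitioner wants before touching the real RPDB is exactly that last case: the local table must never fall behind main, or the box would try to send its own addresses out an interface.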