| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 20 Jan 2007 14:41:14 -0800 From: Ben Greear <greearb@...delatech.com> To: Brendan Cully <brendan@...lai.com> CC: netdev@...r.kernel.org Subject: Re: Question on advanced routing and/or virtual routers. Brendan Cully wrote: > I started something like this a while ago (posted at > <20051006215312.GD24375@...opane.cs.ubc.ca> with a couple of replies > by Thomas Graf, but I can't seem to find it in the archives) but then > dropped the ball. It seems to work fairly well with a one-line kernel > patch to allow route lookup before the local address check. Oh, and I > didn't get traceroute working quite right either - I think there was > some trick to finding the source address for the generated reply. > > I've got some info and code here: http://dsg.cs.ubc.ca/~brendan/remus/ > Using your scripts as a starting point, and the one-liner kernel patch, I was able to get it mostly working as well. I also see trouble with traceroute and agree that the problem is getting the right source-address in the ICMP and/or UDP response packets. I'm going to start digging into the kernel to see if there is some way I can force the response out the same interface as it came in from, and also to force the source IP to be the same as the port it is leaving on. Thanks, Ben -- Ben Greear <greearb@...delatech.com> Candela Technologies Inc http://www.candelatech.com - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists