Date: Fri, 23 Mar 2007 14:38:36 +0100
From: Lennert Buytenhek <buytenh@...tstofly.org>
To: Bin He <bhe@...tsol.com>
Cc: netdev@...r.kernel.org
Subject: Re: routing question under invisible bridge

On Thu, Mar 22, 2007 at 03:52:55PM -0500, Bin He wrote:

> Dear sir,

Hi,

> I found your email address from kernel bridge source codes. I would
> appreciate if you could look into my question a little bit.

The netdev@ mailing list is a better forum to ask such questions,
I've CC'ed this email there.

> I have an invisible bridge (br0) which contains eth0 and eth1. None
> of them have an IP address because I want it to be transparent to
> the existing network. So there are no entries in kernel routing table.

If you have an IP address assigned to br0, your kernel will likely
have (at least) one entry in its routing table even if you didn't
put any routes in there yourself.

> The problem is how does it handle the routing, i.e., which eth
> interface will a packet be sent to?

(The decision which bridge sub-device to send a packet to isn't
called 'routing', as it doesn't involve an IP routing decision --
that decision has already been made at that point.)

> For example, I can create a packet and bind it to a device by
> SO_BINDTODEVICE socket option. I did some tests and found:
> 1) if the socket is bound to eth0 or eth1, the packet cannot be sent out.
> 2) if the socket is bound to br0, it seems that the packet is only
> sent out to eth0.

Check out your system's ARP table (run /sbin/arp) and your br0
bridge's MAC address table (run 'brctl showmacs br0' or something
like that.)

When your machine wants to communicate with a remote IP address, it
first sends an ARP packet to figure out what the ethernet address is
that corresponds to that remote IP address.

When your machine then sends an IP packet on the br0 interface to that
ethernet address, the bridge code checks the MAC address table to find
out whether to send it to eth0 or eth1 (if the MAC address is a known
MAC address) or to both (if we have never seen the MAC address before
or if it has timed out.)

> So is there a way to send out a packet on a particular device?

I'm not sure exactly what you are trying to do?
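
The forwarding decision described in the reply above, modelled as an added example (not code from the post and not the kernel's bridge implementation): a MAC address table that learns source addresses per port and floods when the destination is unknown or has timed out. Ports 0 and 1 stand for eth0 and eth1; the table size, the ageing time and the MAC address are assumptions constructed for this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FDB_SIZE   16
#define AGEING_SEC 300          /* assumed ageing time for this model */
#define PORT_FLOOD (-1)         /* "send to every port except ingress" */

struct fdb_entry { uint8_t mac[6]; int port; long last_seen; int used; };
static struct fdb_entry fdb[FDB_SIZE];

static struct fdb_entry *fdb_find(const uint8_t *mac)
{
    for (int i = 0; i < FDB_SIZE; i++)
        if (fdb[i].used && memcmp(fdb[i].mac, mac, 6) == 0)
            return &fdb[i];
    return NULL;
}

/* Learn (or refresh) the port on which a source MAC was seen. */
static void fdb_learn(const uint8_t *src, int port, long now)
{
    struct fdb_entry *e = fdb_find(src);
    for (int i = 0; !e && i < FDB_SIZE; i++)
        if (!fdb[i].used || now - fdb[i].last_seen > AGEING_SEC)
            e = &fdb[i];        /* reuse a free or expired slot */
    if (!e) return;             /* table full: nothing is learned */
    memcpy(e->mac, src, 6);
    e->port = port;
    e->last_seen = now;
    e->used = 1;
}

/* Egress decision: one port if dst is known and fresh, otherwise flood.
 * Broadcast/multicast destinations (e.g. an ARP request) always flood. */
static int fdb_egress(const uint8_t *dst, long now)
{
    struct fdb_entry *e = fdb_find(dst);
    if ((dst[0] & 1) || !e || now - e->last_seen > AGEING_SEC)
        return PORT_FLOOD;
    return e->port;
}

int main(void)
{
    const uint8_t host_a[6] = {0x02, 0, 0, 0, 0, 0x0a}; /* constructed MAC */
    fdb_learn(host_a, 1, 0);    /* a frame from host_a arrived on eth1 */
    printf("fresh: %d, aged out: %d\n", fdb_egress(host_a, 10), fdb_egress(host_a, 1000));
    return 0;
}
```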