Date:	Fri, 23 Mar 2007 14:38:36 +0100
From:	Lennert Buytenhek <>
To:	Bin He <>
Subject: Re: routing question under invisible bridge

On Thu, Mar 22, 2007 at 03:52:55PM -0500, Bin He wrote:

> Dear sir,
>
> I found your email address from the kernel bridge source code. I would
> appreciate it if you could look into my question a little bit.

The netdev@ mailing list is a better forum to ask such questions,
I've CC'ed this email there.

> I have an invisible bridge (br0) which contains eth0 and eth1. None
> of them have an IP address because I want it to be transparent to
> the existing network. So there are no entries in the kernel routing table.

If you have an IP address assigned to br0, your kernel will likely have
(at least) one entry in its routing table even if you didn't put any
routes in there yourself.

> The problem is how does it handle the routing, i.e., which eth
> interface will a packet be sent to?

(The decision which bridge sub-device to send a packet to isn't
called 'routing', as it doesn't involve an IP routing decision --
that decision has already been made at that point.)

> For example, I can create a packet and bind it to a device by
> SO_BINDTODEVICE socket option. I did some tests and found:
> 1) if the socket is bound to eth0 or eth1, the packet cannot be sent out.
> 2) if the socket is bound to br0, it seems that the packet is only
> sent out to eth0.

Check out your system's ARP table (run /sbin/arp) and your br0
bridge's MAC address table (run 'brctl showmacs br0' or something
like that.)

When your machine wants to communicate with a remote IP address, it
first sends an ARP packet to figure out what the ethernet address is
that corresponds to that remote IP address.

When your machine then sends an IP packet on the br0 interface to that
ethernet address, the bridge code checks the MAC address table to find
out whether to send it to eth0 or eth1 (if the MAC address is a known
MAC address) or to both (if we have never seen the MAC address before
or if it has timed out.)

> So is there a way to send out a packet on a particular device?

I'm not sure exactly what you are trying to do?
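
The forwarding decision described in the reply above (look up the destination MAC address, send to the known port, otherwise send to all ports), sketched as an added example. This is not code from the original message or from the kernel bridge driver; the port numbering (0 = eth0, 1 = eth1), table size and ageing time are assumptions.

```c
/* Toy learning-bridge forwarding database (FDB). Added illustration, not the
 * kernel's bridge code. Port 0 = eth0, port 1 = eth1 (assumed numbering). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FDB_SIZE   8
#define AGEING_SEC 300   /* assumed ageing time */
#define PORT_FLOOD (-1)  /* send out every bridge port */
struct fdb_entry { uint8_t mac[6]; int port; long last_seen; int used; };
static struct fdb_entry fdb[FDB_SIZE];

/* Learn: record the port on which a source MAC address was last seen. */
void fdb_learn(const uint8_t mac[6], int port, long now)
{
    struct fdb_entry *slot = NULL;
    for (int i = 0; i < FDB_SIZE; i++) {
        if (fdb[i].used && memcmp(fdb[i].mac, mac, 6) == 0) {
            slot = &fdb[i];          /* existing entry: refresh it */
            break;
        }
        if (!slot && (!fdb[i].used || now - fdb[i].last_seen > AGEING_SEC))
            slot = &fdb[i];          /* first free or expired slot */
    }
    if (!slot) return;               /* table full: this MAC stays unknown */
    memcpy(slot->mac, mac, 6);
    slot->port = port;
    slot->last_seen = now;
    slot->used = 1;
}

/* Forward: egress port for a destination MAC, or PORT_FLOOD when the
 * address was never seen or its entry has timed out. */
int fdb_lookup(const uint8_t mac[6], long now)
{
    for (int i = 0; i < FDB_SIZE; i++)
        if (fdb[i].used && memcmp(fdb[i].mac, mac, 6) == 0)
            return now - fdb[i].last_seen <= AGEING_SEC ? fdb[i].port : PORT_FLOOD;
    return PORT_FLOOD;
}

int main(void)
{
    const uint8_t host[6] = {0x02, 0, 0, 0, 0, 0x10};  /* constructed MAC */
    printf("before learning: %d\n", fdb_lookup(host, 0));
    fdb_learn(host, 1, 0);           /* frame from host arrives on eth1 */
    printf("after learning:  %d\n", fdb_lookup(host, 10));
    return 0;
}
```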