lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 21 Jun 2007 22:30:57 -0600
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Ben Greear <greearb@...delatech.com>
Cc:	Patrick McHardy <kaber@...sh.net>, netdev@...r.kernel.org,
	shemminger@...ux-foundation.org, davem@...emloft.net,
	jeff@...zik.org
Subject: Re: [RFC NET 00/02]: Secondary unicast address support

Ben Greear <greearb@...delatech.com> writes:

> Patrick McHardy wrote:
>> Eric W. Biederman wrote:
>
>>> For the macvlan code do we need to do anything special if we transmit
>>> to a mac we would normally receive?  Another unicast mac of the same
>>> nic for example.
>>
>> That doesn't happen under normal circumstances. I don't believe
>> it would work.
>
> Assuming you mean you want to send between two mac-vlans on the same physical
> nic...
>
> This can work if your mac-vlans are on different subnets and you are
> routing between them (and if you have my send-to-self patch or have
> another way to let a system send packets to itself).

Ok.  I didn't know if you could trigger this case without without
having then endpoints in separate namespaces.  I was suspecting
the routing code would realize what we were doing realize the
route is local and route through lo.

> A normal ethernet switch will NOT turn a packet around on the same
> interface it was received, so that is why you must have them on different
> subnets and have a router in between.

Yes.  That is essentially the configuration I was wondering about.

> For sending directly to yourself, something like the 'veth' driver
> is probably more useful.

True.  And I think it has a place.  However the common case with
the tunnel devices is to just hook them all up to an ethernet
bridge as well as a real ethernet device.

The far ends of the ethernet tunnels are dropped into different namespaces.

Which gets a very similar effect to the mac vlan code.

I'm just wondering if I can not setup an ethernet tunnel device
when my primary purpose is to talk to the outside world, but occasionally
want a little in the box traffic.

Eric
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ