Message-Id: <20080824.173146.28446297.davem@davemloft.net>
Date:	Sun, 24 Aug 2008 17:31:46 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	jengelh@...ozas.de
Cc:	netdev@...r.kernel.org, netfilter-devel@...r.kernel.org
Subject: Re: Unexpected source address selection in routing

From: Jan Engelhardt <jengelh@...ozas.de>
Date: Sun, 24 Aug 2008 19:39:52 -0400 (EDT)

> It appears that the outgoing source address to use for packets is
> chosen when the socket is established instead of at routing time.
> 
> The following presents a test case for "unexpected" (from a user's 
> perspective) behavior.
> 
> Is there any way to make it behave as a user would expect?

No matter when we had made the routing lookup, we would
have ended up with what you see the kernel doing.

The route is looked up long before netfilter even sees
the packets.

The source address selection at the socket level can only "see" the
original destination address and therefore makes the source address
selection using that original destination address.

After iptables mangles things, the packet is rerouted but source
address selection and IP header source address mangling are not going
to occur.
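
The socket-level selection described in the reply above can be observed from user space. This is an added example, not code from the thread: `source_chosen_at_connect` is a hypothetical helper, and `192.0.2.1` is a constructed documentation address (TEST-NET-1). It shows that the source address is already fixed when `connect()` returns, before any packet exists for netfilter to see.

```python
import socket


def source_chosen_at_connect(dest, port=9, bind_to=None):
    """Return (source before connect, source after connect) for a UDP socket.

    connect() on a UDP socket transmits nothing. It only makes the kernel
    perform the route lookup and source address selection for `dest`, so the
    result reflects the destination as the socket sees it, not any address
    that a later NAT rule might rewrite it to.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if bind_to is not None:
            # An explicit bind pins the source; the route lookup no longer
            # chooses it.
            s.bind((bind_to, 0))
        before = s.getsockname()[0]   # 0.0.0.0 while still unbound
        s.connect((dest, port))       # route lookup happens here
        after = s.getsockname()[0]    # source the kernel selected
    return before, after


if __name__ == "__main__":
    # Constructed sample destinations: loopback and a documentation address.
    for dest in ("127.0.0.1", "192.0.2.1"):
        try:
            print(dest, source_chosen_at_connect(dest))
        except OSError as exc:
            print(dest, "no route:", exc)
```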