lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 12 Oct 2009 11:43:39 +0300
From:	Denys Fedoryschenko <denys@...p.net.lb>
To:	netdev@...r.kernel.org, hadi@...erus.ca
Subject: kernel mode pppoe ppp if + ifb + mirred redirect, ethernet packets in ifb?!

Hi

I am using kernel mode pppoe, and while using mirred on ppp interfaces (to 
shape users upstream) noticed very strange behaviour (and IMHO wrong)

$2 - ppp interface
tc filter add dev $2 parent ffff: protocol ip prio 10 u32 \
match u32 0 0 flowid 1:1 \
action mirred egress redirect dev ifb0"

If i do tcpdump on ppp interface i can see normal ip traffic

PPPoE_146 ~ # tcpdump -ni ppp6 -c 100
tcpdump: WARNING:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp6, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
11:36:16.541742 IP 172.16.131.221.2182 > 64.4.50.51.443: Flags [F.], seq 
2636760792, ack 2812561777, win 64963, length 0

If i do tcpdump on ifb0 i will see PPPoE incapsulated traffic! 
PPPoE_146 ~ # tcpdump -ni ifb0 -c 100
tcpdump: WARNING: ifb0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ifb0, link-type EN10MB (Ethernet), capture size 96 bytes
11:36:58.949727 PPPoE  [ses 0x15] IP 172.16.98.22.2081 > 94.75.218.20.80: 
Flags [S], seq 3205622298, win 65535, options [mss 1440,nop,nop,sackOK], 
length 0
11:36:58.531473 PPPoE  [ses 0xd] IP 172.16.98.14.16526 > 128.16.130.164.445: 
Flags [S], seq 98566173, win 65535, options [mss 1440,nop,nop,sackOK], length 
0

Is it expected that redirecting ppp interface, that supposed to be clean IP 
traffic is becoming eth encapsulated traffic?
Probably some bad interaction with kernel mode pppoe?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ