Date:	Sat, 17 Oct 2009 18:46:11 -0700
From:	Maciej Żenczykowski <zenczykowski@...il.com>
To:	hadi@...erus.ca
Cc:	Rob.Townley@...il.com, YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>,
	netdev@...r.kernel.org
Subject: Re: [PATCH] iputils: ping by mark

Try it with a udp packet or a tcp connection - so_mark and ip rule
fwmark only work for raw sockets (and maybe some other special cases),
unless you're lucky and the ip(6)tables mangle module just happens to
rerun the routing decision (because it mangles the packet in some
other way...).

The problem is that the SO_MARK mark is not used for the initial
routing decision for most protocols (it _is_ used for raw sockets).
There have been a few patches lately from atis@...rotik.com that have
fixed some of the outstanding problems.
I have not had the opportunity to take a look at the current state of
the breakage.

2009/10/17 jamal <hadi@...erus.ca>:
> On Sat, 2009-10-17 at 19:04 -0400, jamal wrote:
>
>> This patch has worked fine in
>> 2.6.31 and pre-31 where i tested.
>
> Ok, just to be sure - here's a simple test i just did on my laptop...
>
> ------
> hadi@...o:~$ uname -a
> Linux dogo 2.6.31-rc7-00001-g6da17c5-dirty #7 PREEMPT Thu Oct 15
> 16:35:13 EDT 2009 i686 GNU/Linux
> hadi@...o:~$ ip a ls dev eth0
> 11: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UNKNOWN qlen 1000
>    link/ether 00:0b:97:97:4d:6a brd ff:ff:ff:ff:ff:ff
>    inet 10.0.0.31/24 brd 10.0.0.255 scope global eth0
>    inet 10.0.0.2/32 scope global eth0
>    inet6 fe80::20b:97ff:fe97:4d6a/64 scope link
>       valid_lft forever preferred_lft forever
> hadi@...o:~$ ip ru ls
> 0:      from all lookup local
> 15:     from all fwmark 0xf lookup 15
> 16:     from all fwmark 0x10 lookup 16
> 32766:  from all lookup main
> 32767:  from all lookup default
>
> hadi@...o:~$ ip r ls table 15
> 208.67.217.231 via 10.0.0.1 dev eth0  src 10.0.0.31
> hadi@...o:~$ ip r ls table 16
> 208.67.217.231 via 10.0.0.1 dev eth0  src 10.0.0.2
> hadi@...o:~$
>
> One ping with -m 15 -c1 to 208.67.217.231, tcpdump:
> 19:22:09.467555 IP 10.0.0.31 > 208.67.217.231: ICMP echo request, id
> 34328, seq 1, length 64
> 19:22:09.535429 IP 208.67.217.231 > 10.0.0.31: ICMP echo reply, id
> 34328, seq 1, length 64
>
> repeat ping with -m 16 and watch tcpdump
> 19:23:19.731592 IP 10.0.0.2 > 208.67.217.231: ICMP echo request, id
> 50712, seq 1, length 64
> 19:23:19.790672 IP 208.67.217.231 > 10.0.0.2: ICMP echo reply, id 50712,
> seq 1, length 64
>
> ------
>
>
> I have also tried it with udp (hacked netcat) and I don't see any problem
> either
>
> What did i miss?
>
> cheers,
> jamal
>
>