Date:	Thu, 17 Mar 2011 12:23:48 -0700
From:	Jesse Gross <jesse@...ira.com>
To:	Christian Hesse <mail@...rm.de>
Cc:	netdev@...r.kernel.org
Subject: Re: sky2, vlan and nat/masquerading

On Tue, Mar 15, 2011 at 12:53 AM, Christian Hesse <mail@...rm.de> wrote:
> On Mon, 14 Mar 2011 18:55:17 -0700 Jesse Gross <jesse@...ira.com> wrote:
>> On Mon, Mar 14, 2011 at 3:11 AM, Christian Hesse <mail@...rm.de> wrote:
>> > Ok, let me explain step by step:
>>
>> Thank you, this helps a lot in understanding your setup.
>>
>> >
>> > * Host sends icmp echo request (172.16.0.21 -> 192.168.100.3) to router
>> >  172.16.0.1, the packet is untagged.
>> > * Switch receives the packet on native interface with vid 2, tags it and
>> > sends it to the trunk.
>> > * Netbook receives the packet from trunk, untags it and queues it to vlan
>> >  interface 2.
>> > * Netbook nats the packet (192.168.x.140 > 192.168.100.3), tags it with
>> > vlan 2 and sends it to the trunk.
>>
>> For clarity, I'm assuming that this is supposed to be vlan 1?
>
> Sorry, little typo. Yes, you are right.
>
>> > * Switch receives the packet from trunk, untags it and sends it to native
>> >  interface with vlan 1.
>> > * The packet and its answer (192.168.100.3 -> 192.168.x.140) make their
>> > way through the network.
>> > * Switch receives the icmp echo reply on native interface with vlan 1,
>> > tags it and sends it to the trunk
>> > * Netbook receives the packet from trunk, untags it and queues it to vlan
>> >  interface 1.
>> > * Netbook restores the original addresses from nat (192.168.100.3 ->
>> >  172.16.0.21), _tags_it_with_vlan_0_, tags it with vlan 2 and sends it to
>> > the trunk
>>
>> Can you capture a packet trace on the netbook's Ethernet interface to
>> see what it thinks it is sending?
>
> Ok, I have two traces for you: from the vlan interface and from the native
> interface. First ping to 172.16.0.65 is ok, second one to 192.168.100.3 fails.
>
> Please don't be confused, vlan 1 is vlan 3 this time and addresses
> changed a little bit. ;)

Hmm, it's pretty interesting that the extra vlan tag magically
appears.  I'll have to reproduce it to investigate further, as the
source isn't readily obvious to me.  You said that if you swap out a
different NIC but keep everything else the same the problem goes away?
That also is strange because the packet capture should take place
before the driver.

Can you try using ethtool to turn off txvlan and see if that makes a difference?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
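The step-by-step flow above ends with a frame that carries two 802.1Q headers (a VLAN 0 priority tag under the VLAN 2 tag) where only one is expected, and the reply asks for a capture on the netbook's Ethernet interface to confirm what is actually put on the wire. Below is an added example, not code from this thread or from the sky2 driver, that does the check a practitioner would run over such a capture: it walks any chain of stacked 802.1Q/802.1ad headers in raw Ethernet frame bytes and reports the tag stack. The helper `build_frame` and all sample frames are constructed here for illustration; in practice the bytes would come from the frames of a trunk-side capture.

```python
"""Report the 802.1Q tag stack of raw Ethernet frames.

Added example (not from the netdev thread). parse_vlan_stack() walks every
stacked VLAN header after the MAC addresses and returns the tags outermost
first, so a frame that gained an unexpected extra tag (for example a VLAN 0
priority tag stacked under VLAN 2) stands out immediately.
"""
import struct

ETHERTYPE_8021Q = 0x8100        # standard customer VLAN tag
ETHERTYPE_8021AD = 0x88A8       # service (provider) tag, QinQ
ETHERTYPE_QINQ_LEGACY = 0x9100  # pre-standard outer tag still seen on some switches
VLAN_TPIDS = {ETHERTYPE_8021Q, ETHERTYPE_8021AD, ETHERTYPE_QINQ_LEGACY}


def parse_vlan_stack(frame: bytes):
    """Return (tags, inner_ethertype, payload_offset) for a raw Ethernet frame.

    tags is a list of dicts {tpid, pcp, dei, vid}, outermost tag first.
    Raises ValueError if the frame is truncated inside the headers.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC
    tags = []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated at EtherType")
        ethertype = struct.unpack_from("!H", frame, offset)[0]
        if ethertype not in VLAN_TPIDS:
            # Not a tag: this is the EtherType of the encapsulated payload.
            return tags, ethertype, offset + 2
        if offset + 4 > len(frame):
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        tags.append({
            "tpid": ethertype,
            "pcp": tci >> 13,          # 3-bit priority code point
            "dei": (tci >> 12) & 1,    # drop eligible indicator
            "vid": tci & 0x0FFF,       # 12-bit VLAN ID; 0 means priority-only tag
        })
        offset += 4


def tag_stack_ok(frame: bytes, expected_vid: int) -> bool:
    """True when the frame carries exactly one tag and it is expected_vid."""
    tags, _, _ = parse_vlan_stack(frame)
    return len(tags) == 1 and tags[0]["vid"] == expected_vid


def describe_tags(frame: bytes) -> str:
    """Human-readable one-line summary of the tag stack."""
    tags, ethertype, _ = parse_vlan_stack(frame)
    if not tags:
        return f"untagged, ethertype 0x{ethertype:04x}"
    parts = []
    for t in tags:
        label = "priority-tag" if t["vid"] == 0 else f"vlan {t['vid']}"
        parts.append(f"{label} (tpid 0x{t['tpid']:04x}, pcp {t['pcp']})")
    return (f"{len(tags)} tag(s): " + " -> ".join(parts)
            + f", inner ethertype 0x{ethertype:04x}")


def build_frame(vids, ethertype=0x0800, payload=b"\x45" + b"\x00" * 19):
    """Construct a sample frame with the given 802.1Q VIDs, outermost first.

    Constructed test data only; MAC addresses and payload are placeholders.
    """
    hdr = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    for vid in vids:
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    # Constructed frames: what the netbook should send on the trunk, and the
    # double-tagged variant described in the thread.
    expected = build_frame([2])
    suspicious = build_frame([2, 0])
    for name, frame in (("expected", expected), ("suspicious", suspicious)):
        status = "ok" if tag_stack_ok(frame, 2) else "UNEXPECTED STACK"
        print(f"{name:10s} {status:16s} {describe_tags(frame)}")
```

Feeding the frames of the trunk-side capture to `describe_tags` before and after turning off transmit VLAN insertion (`ethtool -K <dev> txvlan off`, the knob suggested above) separates a tag added in the network stack, which would already be visible to the capture, from one inserted by the NIC, which would not.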
