Message-ID: <CABQpAL4J7D704iw8Qj9SNDxW8E1P7Mw+KONUapZY6_LdoHkEYw@mail.gmail.com>
Date: Wed, 27 Aug 2014 10:24:21 +0530
From: Tushar Shinde <mtk.tushar@...il.com>
To: Hannes Frederic Sowa <hannes@...essinduktion.org>
Cc: netdev@...r.kernel.org
Subject: Re: IPv6 Policy based routing not working.

Hi Hannes,

Thank you for the reply.

I tested it with 2 kernels, 2.6.32-431.11.2.el6.x86_64 and the Ubuntu 14.04 kernel 3.13.

ping6 -I <IPv6 src ip> <dest> is working.
I also verified that ssh with -b is working.

So my question is, is it necessary to give a bind address to make source based routing work? Why doesn't it select the IP address of the given bind interface?

Because of this, SO_BINDTODEVICE may not work as expected.

Tushar

On Wed, Aug 27, 2014 at 3:31 AM, Hannes Frederic Sowa <hannes@...essinduktion.org> wrote:
> Hi,
>
> On Di, 2014-08-26 at 21:32 +0530, Tushar Shinde wrote:
>> Hello NetDev,
>>
>> I am facing a problem where an ipv6 route (outside the current subnet) is
>> reachable only if the route is present in the main table. Policy based routes
>> are not working.
>>
>> Following is my setup,
>>
>> eth0 inet6 2001:1::10/120 scope global
>> eth1 inet6 2001:1::11/120 scope global
>> 2001:1::1 is gateway
>> 2.6.32-431.11.2.el6.x86_64 kernel (I tried on 3.x also)
>>
>> [root@...6node1 ~]# ip -6 route show tab 1
>> 2001:1::/120 dev eth0 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295
>> default via 2001:1::1 dev eth0 metric 1024 mtu 1500 advmss 1440
>> hoplimit 4294967295
>> [root@...6node1 ~]#
>> [root@...6node1 ~]# ip -6 route show tab 2
>> 2001:1::/120 dev eth1 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295
>> default via 2001:1::1 dev eth1 metric 1024 mtu 1500 advmss 1440
>> hoplimit 4294967295
>> [root@...6node1 ~]#
>> [root@...6node1 ~]# ip -6 rule show
>> 0: from all lookup local
>> 16383: from 2001:1::10 lookup 1
>> 16383: from 2001:1::11 lookup 2
>> 32766: from all lookup main
>> [root@...6node1 ~]#
>>
>> If I add a default via eth0, only the IP of eth0 is reachable from outside and
>> eth1 doesn't work. In the above setup the default route is not present.
>>
>> But the default entry in "table" is never getting used to resolve the route
>>
>> [root@...6node1 ~]# ping6 -I eth0 2001:2::20
>> connect: Network is unreachable
>> [root@...6node1 ~]#
>> [root@...6node1 ~]# ping6 -I eth1 2001:2::20
>> connect: Network is unreachable
>> [root@...6node1 ~]#
>
> ping6 selects the ipv6 address based on netlink route lookup given the
> specified interface but without setting the source address. That said,
> it is probable that the rule lookup happens with a completely different
> ipv6 address. Please verify this. ping6 -I also accepts a source ipv6
> address, can you try this?
>
> Otherwise please specify with which 3.x kernel you tested this.
>
> Thanks,
> Hannes
>
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
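
Added example, not part of the original messages and not kernel code: a simplified Python model of the rule and route tables posted in the thread, showing why a lookup made with only an interface skips the `from` rules while a lookup with the source address set reaches tables 1 and 2. It assumes an unbound socket is looked up with the unspecified source `::` and that the main table holds only the connected /120 routes; `table_lookup` and `policy_lookup` are hypothetical names.

```python
import ipaddress

# Constructed from the `ip -6 rule show` and `ip -6 route show tab N` output in
# the thread. The local table (priority 0) is left out: the target is not local.
RULES = [  # (priority, source selector, table)
    (16383, "2001:1::10/128", "1"),
    (16383, "2001:1::11/128", "2"),
    (32766, "::/0", "main"),  # "from all"
]
TABLES = {  # table -> [(prefix, device, gateway)]
    "1": [("2001:1::/120", "eth0", None), ("::/0", "eth0", "2001:1::1")],
    "2": [("2001:1::/120", "eth1", None), ("::/0", "eth1", "2001:1::1")],
    # Assumption: main holds only the connected routes and no default route.
    "main": [("2001:1::/120", "eth0", None), ("2001:1::/120", "eth1", None)],
}


def table_lookup(table, dst, oif=None):
    """Longest-prefix match in one table, optionally restricted to one device."""
    best = None
    for prefix, dev, via in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and oif in (None, dev):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, dev, via)
    return best


def policy_lookup(dst, src="::", oif=None):
    """Walk the rules in priority order; return (table, device, gateway) or None.

    src="::" models a socket with no source address bound (assumption).
    None corresponds to "connect: Network is unreachable".
    """
    dst, src = ipaddress.ip_address(dst), ipaddress.ip_address(src)
    for _prio, selector, table in sorted(RULES, key=lambda r: r[0]):
        if src not in ipaddress.ip_network(selector):
            continue  # a /128 "from" selector does not match the unspecified address
        route = table_lookup(table, dst, oif)
        if route is not None:
            return table, route[1], route[2]
    return None


if __name__ == "__main__":
    print(policy_lookup("2001:2::20", oif="eth0"))        # device only
    print(policy_lookup("2001:2::20", src="2001:1::10"))  # source address set
```
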