Date:	Wed, 27 Aug 2014 10:24:21 +0530
From:	Tushar Shinde <mtk.tushar@...il.com>
To:	Hannes Frederic Sowa <hannes@...essinduktion.org>
Cc:	netdev@...r.kernel.org
Subject: Re: IPv6 Policy based routing not working.

Hi Hannes,

Thank you for the reply.

I tested it with 2 kernels: 2.6.32-431.11.2.el6.x86_64, and the Ubuntu
14.04 kernel 3.13.

ping6 -I <IPv6 src ip> <dest> is working. I also verified ssh with -b working.

So my question is, is it necessary to give a bind address to make source
based routing work? Why doesn't it select the IP address of the given bind
interface? Because of this, SO_BINDTODEVICE may not work as expected.

Tushar


On Wed, Aug 27, 2014 at 3:31 AM, Hannes Frederic Sowa
<hannes@...essinduktion.org> wrote:
> Hi,
>
> On Di, 2014-08-26 at 21:32 +0530, Tushar Shinde wrote:
>> Hello NetDev,
>>
>> I am facing a problem where an IPv6 route (outside the current subnet) is
>> reachable only if the route is present in the main table. Policy based routes
>> are not working.
>>
>> Following is my setup,
>>
>> eth0   inet6 2001:1::10/120 scope global
>> eth1   inet6 2001:1::11/120 scope global
>> 2001:1::1 is gateway
>> 2.6.32-431.11.2.el6.x86_64 kernel (I tried on 3.x also)
>>
>> [root@...6node1 ~]# ip -6 route show tab 1
>> 2001:1::/120 dev eth0  metric 1024  mtu 1500 advmss 1440 hoplimit 4294967295
>> default via 2001:1::1 dev eth0  metric 1024  mtu 1500 advmss 1440 hoplimit 4294967295
>> [root@...6node1 ~]#
>> [root@...6node1 ~]# ip -6 route show tab 2
>> 2001:1::/120 dev eth1  metric 1024  mtu 1500 advmss 1440 hoplimit 4294967295
>> default via 2001:1::1 dev eth1  metric 1024  mtu 1500 advmss 1440 hoplimit 4294967295
>> [root@...6node1 ~]#
>> [root@...6node1 ~]# ip -6 rule show
>> 0:    from all lookup local
>> 16383:    from 2001:1::10 lookup 1
>> 16383:    from 2001:1::11 lookup 2
>> 32766:    from all lookup main
>> [root@...6node1 ~]#
>>
>> If I add default via eth0, only the IP of eth0 is reachable from outside, or
>> eth1 doesn't work. In the above setup the default route is not present.
>>
>> But default entry in "table" is never getting used to resolve route
>>
>> [root@...6node1 ~]# ping6 -I eth0 2001:2::20
>> connect: Network is unreachable
>> [root@...6node1 ~]#
>> [root@...6node1 ~]# ping6 -I eth1 2001:2::20
>> connect: Network is unreachable
>> [root@...6node1 ~]#
>
> ping6 selects the ipv6 address based on netlink route lookup given the
> specified interface but without setting the source address. That said,
> it is probable that the rule lookup happens with a completely different
> ipv6 address. Please verify this. ping6 -I also accepts a source ipv6
> address, can you try this?
>
> Otherwise please specify with which 3.x kernel you tested this.
>
> Thanks,
> Hannes
>
>
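
The rule lookup discussed in this thread, as an added example that is not part of either message and is not kernel code: a simplified Python model of walking the `ip -6 rule` list from the post, showing why a flow with no source address set never reaches tables 1 or 2. The contents of `main` (connected route only, no default) are an assumption, and the model ignores the output-interface constraint that `-I eth0` adds.

```python
import ipaddress as ip

# Routing tables as (prefix, gateway, device). Tables 1 and 2 are from the post;
# "main" is an assumption (connected route only, no default), as the post
# does not show it.
TABLES = {
    "1": [("2001:1::/120", None, "eth0"), ("::/0", "2001:1::1", "eth0")],
    "2": [("2001:1::/120", None, "eth1"), ("::/0", "2001:1::1", "eth1")],
    "main": [("2001:1::/120", None, "eth0")],
}
# "ip -6 rule show" from the post as (priority, from-prefix, table).
# The "local" table is omitted: it only holds the host's own addresses.
RULES = [
    (16383, "2001:1::10/128", "1"),
    (16383, "2001:1::11/128", "2"),
    (32766, "::/0", "main"),
]

def table_lookup(table, dst):
    """Longest-prefix match of dst in one table; None if no route."""
    best = None
    for prefix, via, dev in TABLES[table]:
        net = ip.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, dev)
    return best

def route(dst, src="::"):
    """Walk rules in priority order; src '::' models an unset source address."""
    dst, src = ip.ip_address(dst), ip.ip_address(src)
    for _prio, selector, table in sorted(RULES, key=lambda r: r[0]):
        if src not in ip.ip_network(selector):
            continue  # "from" selector does not match this flow
        hit = table_lookup(table, dst)
        if hit:
            return {"table": table, "via": hit[1], "dev": hit[2]}
    return None  # no rule produced a route: "Network is unreachable"

if __name__ == "__main__":
    print(route("2001:2::20"))                # source unset
    print(route("2001:2::20", "2001:1::10"))  # source bound, as with ping6 -I <addr>
```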