lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 5 Jan 2018 12:07:52 +0530
From:   sundeep subbaraya <sundeep.lkml@...il.com>
To:     linux-net@...r.kernel.org, netdev@...r.kernel.org
Subject: IPv6 source based policy routing query

Hi,

I am quite new to IPv6.
I ran to one problem hope you guys can help me.
I have multiple ethernet port box which runs by Altera's Cyclone 5.
I am using source based policy routing for ipv6.
The problem is when there is "default via <gateway>" entry in per interface
routing table then ping to a link local address of directly connected PC from
that interface fails.

# ip -6 rule
0:      from all lookup local
16383:  from all oif eth2 lookup eth2
16383:  from 2001::200 lookup eth2
32766:  from all lookup main

# ip -6 route show table eth2
2001::/64 dev eth2  src 2001::200  metric 1024  pref medium
default via 2001::5 dev eth2  metric 1024  pref medium

# ping6 fe80::21b:cdff:fe03:1357 -I eth2
PING fe80::21b:cdff:fe03:1357(fe80::21b:cdff:fe03:1357) from
fe80::2b0:aeff:fe03:7c1c eth2: 56 data bytes
>From fe80::2b0:aeff:fe03:7c1c icmp_seq=1 Destination unreachable:
Address unreachable
>From fe80::2b0:aeff:fe03:7c1c icmp_seq=2 Destination unreachable:
Address unreachable
>From fe80::2b0:aeff:fe03:7c1c icmp_seq=3 Destination unreachable:
Address unreachable
^C
--- fe80::21b:cdff:fe03:1357 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4007ms

# ip -6 route del default dev eth2 table eth2
# ping6 fe80::21b:cdff:fe03:1357 -I eth2
PING fe80::21b:cdff:fe03:1357(fe80::21b:cdff:fe03:1357) from
fe80::2b0:aeff:fe03:7c1c eth2: 56 data bytes
64 bytes from fe80::21b:cdff:fe03:1357: icmp_seq=1 ttl=64 time=0.285 ms
64 bytes from fe80::21b:cdff:fe03:1357: icmp_seq=2 ttl=64 time=1.73 ms
64 bytes from fe80::21b:cdff:fe03:1357: icmp_seq=3 ttl=64 time=1.75 ms
^C
--- fe80::21b:cdff:fe03:1357 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.285/1.258/1.755/0.688 ms

>From Wireshark captures, though I ping link local first Neighbor
solicitation for default
gateway ip 2001::5 goes on wire. Since that gateway is not present
ping does not work.
If gateway is present and reply with Neighbor Advertisement then echo
request and replies with
link local happens properly after that.
Why does Neighbor Solicitation for default gateway happens though we
ping link local address ?
I assume link local ping should work despite of unavailable default gateway.
Please correct me if am wrong. Also let me know how to change this behavior.

I am using 4.1.22-ltsi kernel.

Thanks,
Sundeep

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ