lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 16 May 2018 16:16:13 +0000
From:   Hirotaka Yamamoto <ymmt@...ozu.com>
To:     Andrew Lunn <andrew@...n.ch>
CC:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: RE: ECMP routing: problematic selection of outgoing interface

Hi Andrew,

> I assume you add the 192.168.11.1 and 192.168.12.1 to the interfaces
> using global scope? Global scope means the IP addresses are valid
> everywhere. All routers should know how to route packets to these IP
> addresses. So a host is free to pick any of its global scope IP

Yes their scopes are global,

> It sounds like your router is doing reverse path filtering. It is
> checking its routing table for the source address, and throwing the
> packets away if they don't come in the interface the route points out
> of.

and yes the routers do reverse path filtering.

Now I understood that this is an intended and in fact a legitimate behavior.

So it seems that one thing I can do is to talk with networking people to accept
these packets.  Another option that has come to my mind is to change the
address scope to link-local and assign a global, routable address to a dummy
interface so that Linux chooses the address for the dummyif.

I'm going to evaluate these options.  Thank you!

- ymmt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ