Date:   Fri, 5 Oct 2018 13:27:01 +0300
From:   Ido Schimmel <idosch@...sch.org>
To:     Mikael Abrahamsson <swmike@....pp.se>
Cc:     netdev@...r.kernel.org
Subject: Re: question regarding Linux kernel handling of packets received
 that has src address of interface address

On Fri, Oct 05, 2018 at 10:50:24AM +0200, Mikael Abrahamsson wrote:
> So my question is where in the Linux kernel is this check performed that
> disallows incoming packets that have src IP address the same as an interface
> address? Can it be turned off? Is there a way to "hack around it", for
> instance with iptables and re-write the source address of the packet before
> it hits this check (I don't care about the source address when the packet is
> delivered to the application, it can be re-written to anything).

Did you set 'accept_local' [1] ?

"
accept_local - BOOLEAN
	Accept packets with local source addresses. In combination with
	suitable routing, this can be used to direct packets between two
	local interfaces over the wire and have them accepted properly.
	default FALSE
"

I tried to create a setup similar to yours and it seems to be working
for me.

1. https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
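
An added example, not part of the original message: a small audit of which IPv4 interfaces currently accept packets with a local source address. The function names and the sample directory tree are constructed for illustration. The script assumes the kernel treats `accept_local` as enabled on an interface when either the per-interface value or the `all` value is set.

```shell
#!/bin/sh
# Audit the accept_local sysctl per IPv4 interface.
# On a live host the values are under /proc/sys/net/ipv4/conf; the root can
# be overridden so the logic can be exercised on a constructed tree.

# accept_local_report [conf_root]
# Prints "<iface> <own> <all> <effective>" for each interface.
# Assumption: effective = own OR all (how the kernel combines the two).
accept_local_report() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    all=0
    if [ -r "$root/all/accept_local" ]; then
        all=$(cat "$root/all/accept_local")
    fi
    for dir in "$root"/*; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces.
        case "$iface" in all|default) continue ;; esac
        [ -r "$dir/accept_local" ] || continue
        own=$(cat "$dir/accept_local")
        eff=0
        if [ "$own" != 0 ] || [ "$all" != 0 ]; then eff=1; fi
        echo "$iface $own $all $eff"
    done
}

# accept_local_enabled [conf_root]
# Prints only the interfaces where local-source packets are accepted.
accept_local_enabled() {
    accept_local_report "$1" | awk '$4 == 1 { print $1 }'
}

# Constructed sample tree standing in for /proc/sys/net/ipv4/conf:
# accept_local is 0 everywhere except eth1.
make_sample_tree() {
    t=$(mktemp -d)
    for i in all default eth0 eth1 lo; do
        mkdir -p "$t/$i"
        echo 0 > "$t/$i/accept_local"
    done
    echo 1 > "$t/eth1/accept_local"
    echo "$t"
}

# Run against the live host, or against a root given as the first argument.
accept_local_report "$@"
```

Interfaces reported with an effective value of 1 skip the local-source check for incoming packets, so the list should match the interfaces where that was deliberately configured.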
