| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Sep 2019 05:09:27 +0000 From: Gowen <gowen@...atocomputing.co.uk> To: David Ahern <dsahern@...il.com>, Alexis Bauvin <abauvin@...ine.net> CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: RE: VRF Issue Since kernel 5 Thanks for the link - that's really useful. I did re-order ip rules Friday (I think) - no change -----Original Message----- From: David Ahern <dsahern@...il.com> Sent: 10 September 2019 17:36 To: Alexis Bauvin <abauvin@...ine.net>; Gowen <gowen@...atocomputing.co.uk> Cc: netdev@...r.kernel.org Subject: Re: VRF Issue Since kernel 5 On 9/9/19 1:01 PM, Alexis Bauvin wrote: > Could you try swapping the local and l3mdev rules? > > `ip rule del pref 0; ip rule add from all lookup local pref 1001` yes, the rules should be re-ordered so that local rule is after l3mdev rule (VRF is implemented as policy routing). In general, I would reverse the order of those commands to ensure no breakage. Also, 5.0 I think it was (too many kernel versions) added a new l3mdev sysctl (raw_l3mdev_accept). Check all 3 of them and nmake sure they are set properly for your use case. These slides do not cover 5.0 changes but are still the best collection of notes on VRF: http://schd.ws/hosted_files/ossna2017/fe/vrf-tutorial-oss.pdf
Powered by blists - more mailing lists