| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Sep 2019 11:45:50 -0700 From: Ben Greear <greearb@...delatech.com> To: David Ahern <dsahern@...il.com>, netdev <netdev@...r.kernel.org> Subject: Re: Strange routing with VRF and 5.2.7+ On 9/22/19 12:23 PM, David Ahern wrote: > On 9/20/19 9:57 AM, Ben Greear wrote: >> On 9/10/19 6:08 PM, Ben Greear wrote: >>> On 9/10/19 3:17 PM, Ben Greear wrote: >>>> Today we were testing creating 200 virtual station vdevs on ath9k, >>>> and using >>>> VRF for the routing. >>> >>> Looks like the same issue happens w/out VRF, but there I have oodles >>> of routing >>> rules, so it is an area ripe for failure. >>> >>> Will upgrade to 5.2.14+ and retest, and try 4.20 as well.... >> >> Turns out, this was ipsec (strongswan) inserting a rule that pointed to >> a table >> that we then used for a vrf w/out realizing the rule was added. >> >> Stopping strongswan and/or reconfiguring how routing tables are assigned >> resolved the issue. >> > > Hi Ben: > > Since you are the pioneer with vrf and ipsec, can you add an ipsec > section with some notes to Documentation/networking/vrf.txt? I need to to some more testing, an initial attempt to reproduce my working config on another system did not work properly, and I have not yet dug into it. Thanks, Ben -- Ben Greear <greearb@...delatech.com> Candela Technologies Inc http://www.candelatech.com
Powered by blists - more mailing lists