lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Sun, 8 Dec 2019 10:34:33 -0700
From:   David Ahern <dsahern@...il.com>
To:     Mohan R <mohan43u@...il.com>, netdev@...r.kernel.org
Subject: Re: how udp source address gets selected when default gateway is
 configured with multipath-routing

On 11/21/19 11:37 PM, Mohan R wrote:
> Hi,
> 
> I have a simple multipath-routing setup,
> 
> default
>         nexthop via 192.168.15.1 dev enp4s0 weight 1
>         nexthop via 10.0.1.1 dev wlp2s0 weight 1
> 10.0.1.0/24 dev wlp2s0 proto kernel scope link src 10.0.1.251
> 10.0.3.0/24 dev wlp0s29u1u2 proto kernel scope link src 10.0.3.1
> 10.3.1.0/24 dev wg9000 proto kernel scope link src 10.3.1.2
> 192.168.0.0/16 dev enp4s0 proto kernel scope link src 192.168.15.251
> 
> here enp4s0 (192.168.0.0/16) and wlp2s0 (10.0.1.0/24) are connected to
> two different ISPs.
> 
> DNS works fine when I access internet through my internal subnet
> (10.0.3.0/24), but  when I try 'ping google.com' in this machine, the
> DNS request to 1.1.1.1 (which is my nameserver in resolv.conf) to
> resolve 'google.com' is sent through enp4s0 interface but the source
> address in that DNS request contains 10.0.1.251 (wlp2s0's local ip
> address).
> 
> If I have single nexthop in default route, everything works fine.
> 
> How can I make sure that kernel picks the correct source ip for the dns request?
> 

This is a known problem. A route lookup is done to set the source
address and then a second lookup is done to route the packet. The
lookups will have different hash values (since saddr == 0 in the first)
and can land on different legs of the multipath route.

Powered by blists - more mailing lists