Message-ID: <84230a27-69b8-0aba-216c-997bc9a8192f@gmail.com>
Date:   Sun, 8 Dec 2019 10:34:33 -0700
From:   David Ahern <dsahern@...il.com>
To:     Mohan R <mohan43u@...il.com>, netdev@...r.kernel.org
Subject: Re: how udp source address gets selected when default gateway is
 configured with multipath-routing

On 11/21/19 11:37 PM, Mohan R wrote:
> Hi,
> 
> I have a simple multipath-routing setup,
> 
> default
>         nexthop via 192.168.15.1 dev enp4s0 weight 1
>         nexthop via 10.0.1.1 dev wlp2s0 weight 1
> 10.0.1.0/24 dev wlp2s0 proto kernel scope link src 10.0.1.251
> 10.0.3.0/24 dev wlp0s29u1u2 proto kernel scope link src 10.0.3.1
> 10.3.1.0/24 dev wg9000 proto kernel scope link src 10.3.1.2
> 192.168.0.0/16 dev enp4s0 proto kernel scope link src 192.168.15.251
> 
> here enp4s0 (192.168.0.0/16) and wlp2s0 (10.0.1.0/24) are connected to
> two different ISPs.
> 
> DNS works fine when I access internet through my internal subnet
> (10.0.3.0/24), but when I try 'ping google.com' in this machine, the
> DNS request to 1.1.1.1 (which is my nameserver in resolv.conf) to
> resolve 'google.com' is sent through enp4s0 interface but the source
> address in that DNS request contains 10.0.1.251 (wlp2s0's local ip
> address).
> 
> If I have single nexthop in default route, everything works fine.
> 
> How can I make sure that kernel picks the correct source ip for the dns request?
> 

This is a known problem. A route lookup is done to set the source
address and then a second lookup is done to route the packet. The
lookups will have different hash values (since saddr == 0 in the first)
and can land on different legs of the multipath route.
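
The two-lookup mismatch described in the reply above, as an added simulation that is not part of the original message and is not kernel code. The legs and addresses come from the quoted route table; the SHA-256 hash and the modulo leg selection are assumptions standing in for the kernel's multipath hash, reasonable only for the equal weights shown.

```python
import hashlib
import ipaddress

# Default-route legs from the quoted table: (gateway, device, device's local address)
LEGS = [
    ("192.168.15.1", "enp4s0", "192.168.15.251"),
    ("10.0.1.1", "wlp2s0", "10.0.1.251"),
]

# Constructed sample destinations (not from the original message)
DESTS = [f"1.1.1.{i}" for i in range(1, 65)]


def flow_hash(saddr, daddr):
    """Stand-in L3 flow hash (assumption: not the kernel's real function)."""
    key = ipaddress.ip_address(saddr).packed + ipaddress.ip_address(daddr).packed
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big")


def select_leg(saddr, daddr, legs):
    """Pick a nexthop; modulo models equal weights only (assumption)."""
    return legs[flow_hash(saddr, daddr) % len(legs)]


def send_unbound(daddr, legs=LEGS):
    """Model a datagram from a socket with no bound source address."""
    # Lookup 1: saddr is still 0; the chosen leg supplies the source address.
    _, _, saddr = select_leg("0.0.0.0", daddr, legs)
    # Lookup 2: same destination, now hashed with the saddr picked above.
    _, dev, dev_addr = select_leg(saddr, daddr, legs)
    return {"daddr": daddr, "saddr": saddr, "dev": dev,
            "mismatch": saddr != dev_addr}


def mismatches(dests, legs=LEGS):
    """Flows whose source address belongs to a different leg than the egress device."""
    return [r for r in (send_unbound(d, legs) for d in dests) if r["mismatch"]]


if __name__ == "__main__":
    bad = mismatches(DESTS)
    print(f"{len(bad)} of {len(DESTS)} flows leave with the other leg's address")
    for r in bad[:3]:
        print(f"  dst {r['daddr']}: src {r['saddr']} sent via {r['dev']}")
    # With a single nexthop both lookups must agree, as the question observed.
    print("single nexthop mismatches:", len(mismatches(DESTS, LEGS[:1])))
```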
