| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 05 Aug 2020 08:19:57 +0000
From: Swarm NameRedacted <thesw4rm@...me>
To: netdev@...r.kernel.org
Subject: Packet not rerouting via different bridge interface after modifying destination IP in TC ingress hook
Hi,
I am trying to build a quick script via TC direct action and eBPF to
modify the destination IP of a packet so that it is routed through a
different bridge interface. Made a quick network diagram below to
demonstrate it.
Packet (dst: 10.10.3.2)
|
|
ingress - (change dst to 10.10.4.1)
|
|
eth0
|
|
br0 - (addr: 10.10.3.1)
__eth0______ ___ens19_______
| |
| |
| |
| |
host: 10.10.4.1 host: 10.10.3.2
As shown, I send a packet from a separate client to eth0. eth0 is the
WAN interface of its machine and ens19 is the LAN interface; both are
connecting with bridge br0. Without modification, the packet goes
straight through ens19 to 10.10.3.2.
Theoretically, by modifying the destination IP to 10.10.4.1 at ingress,
the packet should be rerouted to go back through eth0. However, in
practice, I find that the packet still goes through ens19 after
modification, and of course after that it never reaches anything.
Why is it that ingress catches the packet before the bridging decision,
but the packet isn't rerouted? Is there a better way to do this?
Powered by blists - more mailing lists