Message-ID: <20200806063336.GA2621096@shredder>
Date:   Thu, 6 Aug 2020 09:33:36 +0300
From:   Ido Schimmel <idosch@...sch.org>
To:     Swarm NameRedacted <thesw4rm@...me>
Cc:     Andrew Lunn <andrew@...n.ch>, netdev@...r.kernel.org
Subject: Re: Packet not rerouting via different bridge interface after
 modifying destination IP in TC ingress hook

On Wed, Aug 05, 2020 at 08:12:08PM +0000, Swarm NameRedacted wrote:
> All fair points, I'll address them one by one. 
> 1) The subnet size on everything is /16; everything is on the same
> subnet (hence the bridge) except for the client which sends the initial
> SYN packet. Modifying the destination MAC address was definitely
> something I overlooked and that did get the packet running through the
> correct interface. I got a bit thrown off that the bridge has its own
> MAC address that is identical to the LAN interface and couldn't
> visualize it as an L2 switch. However, the packet is still being
> dropped; I suspect it might be a checksum error but the only incorrect
> checksum is TCP. Might have accidentally disabled checksum offloading. I'm not
> sure.

You might need to enable hairpin on eth0:

# ip link set dev eth0 type bridge_slave hairpin on
