| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Aug 2020 09:33:36 +0300 From: Ido Schimmel <idosch@...sch.org> To: Swarm NameRedacted <thesw4rm@...me> Cc: Andrew Lunn <andrew@...n.ch>, netdev@...r.kernel.org Subject: Re: Packet not rerouting via different bridge interface after modifying destination IP in TC ingress hook On Wed, Aug 05, 2020 at 08:12:08PM +0000, Swarm NameRedacted wrote: > All fair points, I'll address them one by one. > 1) The subnet size on everything is /16; everything is on the same > subnet (hence the bridge) except for the client which sends the initial > SYN packet. Modifying the destination MAC address was definitely > something I overlooked and that did get the packet running through the > correct interface. I got a bit thrown off that the bridge has it's own > MAC address that is identical to the LAN interface and couldn't > visualize it as an L2 switch. However, the packet is still being > dropped; I suspect it might be a checksum error but the only incorrect > checksum is TCP. Might have accidentally disabled checksum offloading. I'm not > sure You might need to enable hairpin on eth0: # ip link set dev eth0 type bridge_slave hairpin on
Powered by blists - more mailing lists