lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Aug 2020 10:49:09 +0300 From: Ido Schimmel <idosch@...sch.org> To: Swarm NameRedacted <thesw4rm@...me> Cc: netdev@...r.kernel.org Subject: Re: Packet not rerouting via different bridge interface after modifying destination IP in TC ingress hook On Thu, Aug 06, 2020 at 07:00:15AM +0000, Swarm NameRedacted wrote: > Not sure this applies. There's no NAT since everything is on the same > subnet. IIUC, packet is received on eth0, you then change the DMAC to SMAC on ingress (among other things) and then packet continues to the bridge. The bridge checks the DMAC and sees that the packet is supposed to be forwarded out of eth0. Since it's also the ingress interface the packet is dropped. To overcome this you need to enable hairpin.
Powered by blists - more mailing lists