| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e73269cc-1530-5749-0b62-f30b742217e1@gmail.com> Date: Thu, 15 Apr 2021 12:41:14 -0700 From: David Ahern <dsahern@...il.com> To: Bala Sajja <bssajja@...il.com>, netdev@...r.kernel.org Subject: Re: Different behavior wrt VRF and no VRF - packet Tx On 4/15/21 12:15 AM, Bala Sajja wrote: > When interfaces are not part of VRF and below ip address config is > done on these interfaces, ping with -I (interface) option, we see > packets transmitting out of the right interfaces. > > ip addr add 2.2.2.100 peer 1.1.1.100/32 dev enp0s3 > ip addr add 2.2.2.100 peer 1.1.1.100/32 dev enp0s8 > > ping 1.1.1.100 -I enp0s3 , packet always goes out of enp0s3 > ping 1.1.1.100 -I enp0s8, packet always goes out of enp0s8 > > When interfaces are enslaved to VRF as below and ip are configured > on these interfaces, packets go out of one interface only. > > ip link add MGMT type vrf table 1 > ip link set dev MGMT up > ip link set dev enp0s3 up > ip link set dev enp0s3 master MGMT > ip link set dev enp0s8 up > ip link set dev enp0s8 master MGMT > ip link set dev enp0s9 up > > ip addr add 2.2.2.100 peer 1.1.1.100/32 dev enp0s3 > ip addr add 2.2.2.100 peer 1.1.1.100/32 dev enp0s8 > > ping 1.1.1.100 -I enp0s3 , packet always goes out of enp0s3 > ping 1.1.1.100 -I enp0s8, packet always goes out of enp0s3 > > I believe this use case will not work since the FIB lookup loses the original device binding (the -I argument). take a look at the FIB lookup argument and result: perf record -e fib:* perf script
Powered by blists - more mailing lists