Message-ID: <20220420165457.kd5yz6a6itqfcysj@skbuf>
Date:   Wed, 20 Apr 2022 19:54:57 +0300
From:   Vladimir Oltean <olteanv@...il.com>
To:     David Ahern <dsahern@...il.com>
Cc:     netdev@...r.kernel.org
Subject: IPv6 multicast with VRF

Hi,

I don't have experience with either IPv6 multicast or VRF, yet I need to
send some IPv6 multicast packets from a device enslaved to a VRF, and I
don't really know what's wrong with the routing table setup.

The system is configured in the following way:

 ip link set dev eth0 up

 # The kernel kindly creates a ff00::/8 route for IPv6 multicast traffic
 # in the local table, and I think this is what makes multicast route
 # lookups find the egress device.
 ip -6 route show table local
local ::1 dev lo proto kernel metric 0 pref medium
local fe80::204:9fff:fe05:f4ab dev eth0 proto kernel metric 0 pref medium
multicast ff00::/8 dev eth0 proto kernel metric 256 pref medium

 ip -6 route get ff02::1
multicast ff02::1 dev eth0 table local proto kernel src fe80::204:9fff:fe05:f4ab metric 256 pref medium

 ip link add dev vrf0 type vrf table 3 && ip link set dev vrf0 up

 ip -4 route add table 3 unreachable default metric 4278198272

 ip -6 route add table 3 unreachable default metric 4278198272

 ip link set dev eth0 master vrf0

The problem seems to be that, although the "ff00::/8 dev eth0" route
migrates from table 255 to table 3, route lookups after this point fail
to find it and return -ENETUNREACH (ip6_null_entry).

 ip -6 route show table local
local ::1 dev lo proto kernel metric 0 pref medium

 ip -6 route show table main
::1 dev lo proto kernel metric 256 pref medium

 ip -6 route show table 3
local fe80::204:9fff:fe05:f4ab dev eth0 proto kernel metric 0 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
multicast ff00::/8 dev eth0 proto kernel metric 256 pref medium
unreachable default dev lo metric 4278198272 pref medium

 ip -6 route get ff02::1
RTNETLINK answers: Network is unreachable

 ip -6 route get vrf vrf0 ff02::1
RTNETLINK answers: Network is unreachable

I'm not exactly sure what is missing?
