| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Apr 2022 12:24:29 +0300 From: Vladimir Oltean <olteanv@...il.com> To: David Ahern <dsahern@...il.com> Cc: netdev@...r.kernel.org Subject: Re: IPv6 multicast with VRF On Wed, Apr 20, 2022 at 02:40:53PM -0600, David Ahern wrote: > On 4/20/22 1:18 PM, Vladimir Oltean wrote: > > On Wed, Apr 20, 2022 at 12:59:45PM -0600, David Ahern wrote: > >> Did you adjust the FIB rules? See the documentation in the kernel repo. > > > > Sorry, I don't understand what you mean by "adjusting". I tried various > > forms of adding an IPv6 multicast route on eth0, to multiple tables, > > some routes more generic and some more specific, and none seem to match > > when eth0 is under a VRF, for a reason I don't really know. This does > > not occur with IPv4 multicast, by the way. > > > > By documentation I think you mean Documentation/networking/vrf.rst. > > I went through it but I didn't notice something that would make me > > realize what the issue is. > > try this: > https://static.sched.com/hosted_files/ossna2017/fe/vrf-tutorial-oss.pdf > slide 79 and on Yeah, that worked. Well, now I know what vrf_prepare() and vrf_cleanup() from tools/testing/selfteste/net/forwarding/lib.sh are for, I guess.. Thanks for helping and for sharing the presentation. > >> And add a device scope to the `get`. e.g., > >> > >> ip -6 route get ff02::1%eth0 > > > > I'm probably not understanding this, because: > > > > ip -6 route get ff02::1%eth0 > > Error: inet6 prefix is expected rather than "ff02::1%eth0". > > ip -6 ro get oif eth0 ff02::1 > > (too many syntax differences between tools) Could you explain why specifying the oif is needed here? If I don't do it, I still can't find the route. Either that, or what would an application need to do to find the route from the VRF FIB? ip -6 route get vrf vrf0 ff02::1 RTNETLINK answers: Network is unreachable ip -6 route get vrf vrf0 ff02::1 oif eth0 multicast ff02::1 dev eth0 table 3 proto kernel src 2001:db8:1::1 metric 256 pref medium For some context, the multicast application I'm trying to get running in a VRF is mcjoin (https://github.com/troglobit/mcjoin). It will send packets as long as the interface only has a link-local IPv6 address. As long as I add a global IPv6 address *and* the netdev is in the VRF (basically the circumstances from the forwarding selftests), sendto() fails with -ENETUNREACH. ip vrf exec vrf0 mcjoin -s -o -i eth0 ff0e::1 -c 1 Sending IPv6 multicast on eth0 addr, fe80::201:2ff:fe03:401 ifindex: 10, sd: 6 *,ff0e::1: invalid 0 delay 0 gaps 0 reorder 0 dupes 0 bytes 100 packets 1 Total: 1 packets vs: ip addr add 2001:db8:1::1/64 dev eth0 ip vrf exec vrf0 mcjoin -s -o -i eth0 ff0e::1 -c 1 Sending IPv6 multicast on eth0 addr, 2001:db8:1::1 ifindex: 10, sd: 6 Failed sending mcast to ff2e::1: Network is unreachable *,ff2e::1: invalid 0 delay 0 gaps 1 reorder 0 dupes 0 bytes 0 packets 0 Total: 0 packets
Powered by blists - more mailing lists