Open Source and information security mailing list archives
 
Date:   Mon, 1 May 2023 11:09:26 +0530
From:   SANDEEP KUMAR <sandeepkumar2016000@...il.com>
To:     netdev@...r.kernel.org
Subject: arp not getting resolved at the peer after route added on higher
 priority table 'tun0_table_rx' than 'local'

Hi All,

We have interface ens4 with IP 192.168.100.105 plumbed, and also tun0
with the same IP 192.168.100.105 plumbed, so if traffic is coming to
192.168.100.105, we want to send it to tun0. I have been able
to achieve this using the below configuration. However, ARP is not
getting resolved for 192.168.100.105 at the peer. What could be the
reason for this?

❯ cat /etc/iproute2/rt_tables
#
# reserved values
#
255     local
254     main
253     default
0       unspec
25 tun0_table_rx


Change the priority of lookup table
ip rule add preference 200 iif ens4 lookup tun0_table_rx
ip rule add preference 300 lookup local
ip rule delete preference 0

❯ ip rule show
200:    from all iif ens4 lookup tun0_table_rx
300:    from all lookup local
32766:  from all lookup main
32767:  from all lookup default

Route added on higher priority table tun0_table_rx
sudo ip r add  192.168.100.105 dev tun0 t tun0_table_rx

❯ ip r s t tun0_table_rx
192.168.100.105 dev tun0 scope link

Tcpdump on ens4 when ping from Peers so arp is not getting resolved.
❯ tcpdump -ni ens4 host 192.168.100.105
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens4, link-type EN10MB (Ethernet), capture size 262144 bytes
01:31:52.718238 ARP, Request who-has 192.168.100.105 tell 192.168.100.101, length 46
01:31:54.703204 ARP, Request who-has 192.168.100.105 tell 192.168.100.101, length 46
01:31:55.718265 ARP, Request who-has 192.168.100.105 tell 192.168.100.101, length 46


❯ ifconfig ens4
ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.105  netmask 255.255.255.0  broadcast 192.168.100.255
        inet6 fe80::6dcf:494:4507:a146  prefixlen 64  scopeid 0x20<link>
        ether de:ad:ce:05:3e:8d  txqueuelen 1000  (Ethernet)
        RX packets 24746  bytes 2685240 (2.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3198  bytes 307924 (300.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

❯ ifconfig tun0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 192.168.100.105  netmask 255.255.255.0  destination 192.168.100.105
        inet6 fe80::3ed9:95e8:b69a:62ec  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 2000  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 21  bytes 1732 (1.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Thanks & Regards,
Sandeep Kumar
