lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <fc260731-3fcb-1681-f4a4-20820387e265@candelatech.com>
Date: Sun, 21 Jan 2024 16:49:31 -0800
From: Ben Greear <greearb@...delatech.com>
To: David Ahern <dsahern@...nel.org>, netdev <netdev@...r.kernel.org>
Subject: Re: Having trouble with VRF and ping link local ipv6 address.

On 1/21/24 16:38, David Ahern wrote:
> On 1/21/24 5:29 PM, Ben Greear wrote:
>> Hello,
>>
>> I am trying to test pinging link-local IPv6 addresses across a VETH
>> pair, with each VETH
>> in a VRF, but having no good luck.
> 
> This is covered by ipv6_ping_vrf in
> tools/testing/selftests/net/fcnal-test.sh As I recall you can run just
> those tests with `-t ping6` and see the commands with -v. -P will pause
> after each test so you can see the setup and run the ping command manually.

Thanks for the great help, as always.  I guess I'd have to dig more before I understand
why putting the IP of the remote rddVR4 and %<local-dev> on the end makes it work...but it
does.

And, since it is bound to VRF, and there is exactly one netdevice in that VRF, shouldn't it
be able to figure out the device name?

# ip vrf exec _vrf15 ping -6 fe80::d064:9eff:fead:2156%rddVR5
PING fe80::d064:9eff:fead:2156%rddVR5(fe80::d064:9eff:fead:2156%rddVR5) 56 data bytes
64 bytes from fe80::d064:9eff:fead:2156%_vrf15: icmp_seq=1 ttl=64 time=0.047 ms
64 bytes from fe80::d064:9eff:fead:2156%_vrf15: icmp_seq=2 ttl=64 time=0.034 ms
64 bytes from fe80::d064:9eff:fead:2156%_vrf15: icmp_seq=3 ttl=64 time=0.032 ms
64 bytes from fe80::d064:9eff:fead:2156%_vrf15: icmp_seq=4 ttl=64 time=0.038 ms
64 bytes from fe80::d064:9eff:fead:2156%_vrf15: icmp_seq=5 ttl=64 time=0.021 ms


I'll look through that example script when I am fresh.

Thanks,
Ben

> 
>>
>> Anyone see what I might be doing wrong?
>>
>>
>> [root@ ]# ip -6 addr show dev rddVR5
>> 161: rddVR5@...VR4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> noqueue master _vrf15 state UP group default qlen 1000
>>      inet6 fe80::8088:c8ff:fe31:16ea/64 scope link
>>         valid_lft forever preferred_lft forever
>>
>> [root@ ]# ip -6 addr show dev rddVR4
>> 160: rddVR4@...VR5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> noqueue master _vrf14 state UP group default qlen 1000
>>      inet6 fe80::d064:9eff:fead:2156/64 scope link
>>         valid_lft forever preferred_lft forever
>>
>> [root@ ]# ip -6 route show table 15
>> anycast fe80:: dev rddVR5 proto kernel metric 1024 pref medium
>> local fe80::8088:c8ff:fe31:16ea dev rddVR5 proto kernel metric 0 pref
>> medium
>> fe80::/64 dev rddVR5 proto kernel metric 256 pref medium
>> fe80::/64 dev rddVR5 metric 1024 pref medium
>> ff00::/8 dev rddVR5 metric 256 pref medium
>>
>> [root@ ]# ip -6 route show table 14
>> local fe80::d064:9eff:fead:2156 dev rddVR4 proto kernel metric 0 pref
>> medium
>> fe80::/64 dev rddVR4 proto kernel metric 256 pref medium
>> multicast ff00::/8 dev rddVR4 proto kernel metric 256 pref medium
>>
>> [root@ ]# ip vrf exec _vrf15 ping -6 fe80::d064:9eff:fead:2156
> 
> LLAs are local to a device. Give it a device context (%<dev name> after
> the address).
> 
> 
> 


-- 
Ben Greear <greearb@...delatech.com>
Candela Technologies Inc  http://www.candelatech.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ