| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <303f83f8-e2cc-4a33-8bfe-ba490f932f18@candelatech.com> Date: Tue, 19 Nov 2024 08:53:47 -0800 From: Ben Greear <greearb@...delatech.com> To: David Ahern <dsahern@...nel.org>, Ido Schimmel <idosch@...sch.org> Cc: netdev <netdev@...r.kernel.org> Subject: Re: GRE tunnels bound to VRF On 11/19/24 8:36 AM, David Ahern wrote: > On 11/19/24 7:59 AM, Ben Greear wrote: >> >> Ok, I am happy to report that GRE with lower-dev bound to one VRF and >> greX in a different >> VRF works fine. >> > > mind sending a selftest that also documents this use case? > I don't have an easy way to extract this into a shell script, but at least as description: Create VETH pair: rddVR0 rddVR1 in my case rddVR0 has IP 2.2.2.1, in vrf0 rddVR1 has IP 2.2.2.2, in vrf1 # Create GRE device bound to rddVR1 (and indirectly bound to vrf1): ip link add name gre1 up type gre remote 2.2.2.1 local 2.2.2.2 ttl 255 dev rddVR1 # Create GRE device bound to rddVR0 (and indirectly bound to vrf0) ip link add name gre2 up type gre remote 2.2.2.2 local 2.2.2.1 ttl 255 dev rddVR0 Add gre1 to vrf11 Add gre2 to vrf00 gre1 IP address can be 10.1.1.2/32 gre2 IP address can be 10.1.1.1/32 And then you can generate TCP/UDP traffic between gre1 and gre2 if you bind to them in the normal manner when using VRFs (SO_BINDTODEV or similar). Thanks, Ben -- Ben Greear <greearb@...delatech.com> Candela Technologies Inc http://www.candelatech.com
Powered by blists - more mailing lists