I think I'm seeing (a variant of) this bug in wheezy. I'm saying a
variant, because this is an IPv4 configuration:

TCP packets to 190.93.249.164 are marked and routed through the "tovpn"
table:

[0] root@thinkpad:~# ip rule
0:      from all lookup local
32765:  from all fwmark 0x1 lookup tovpn
32766:  from all lookup main
32767:  from all lookup default

[0] root@thinkpad:~# ip route show table tovpn
190.93.249.164 via 192.168.12.1 dev rath  src 192.168.12.2

However, when actually sending something ("nc 190.93.249.164 80 -v"),
the packets are sent to the right interface, but with the wrong source
address:

[0] root@thinkpad:~# tcpdump -i rath -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rath, link-type RAW (Raw IP), capture size 65535 bytes
15:53:38.053804 IP 192.168.4.177.36059 > 190.93.249.164.80: Flags [S], seq 352711308, win 29200, options [mss 1460,sackOK,TS val 1840883 ecr 0,nop,wscale 7], length 0
[...]

Note the source address should be 192.168.12.2. The tovpn routing table,
however, is obviously used or the packet wouldn't go via the rath interface.


Interestingly enough, if I change the default route in the main table
(which shouldn't be consulted at all) from

[0] root@thinkpad:~# ip route show
default via 192.168.4.254 dev wlan0
23.92.25.96 via 192.168.4.254 dev wlan0
169.254.0.0/16 dev wlan0  scope link  metric 1000
192.168.4.0/24 dev wlan0  proto kernel  scope link  src 192.168.4.177  metric 9
192.168.12.0/24 dev rath  proto kernel  scope link  src 192.168.12.2

to

[0] root@thinkpad:~# ip route show
default via 192.168.12.1 dev rath
23.92.25.96 via 192.168.4.254 dev wlan0
169.254.0.0/16 dev wlan0  scope link  metric 1000
192.168.4.0/24 dev wlan0  proto kernel  scope link  src 192.168.4.177  metric 9
192.168.12.0/24 dev rath  proto kernel  scope link  src 192.168.12.2

then the packets to 190.93.249.164 are sent with the correct source
address. So it seems that the source address is taken from the default
route in the main table, rather than the src address in the rule from
the tovpn table.


Best,
-Nikolaus


-- 
Encrypted emails preferred.
PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6  02CF A9AD B7F8 AE4E 425C

             »Time flies like an arrow, fruit flies like a Banana.«

