On 03/16/2018 07:36 PM, Grant Taylor wrote:
IMHO this shouldn't be possible as it's only got a route to 192.0.2.0/24.
Okay. Apparently Linux is being smarter than I expect it to be.If I add a default via a non-local IP, I see ARP requests for said non-local IP. Which will never reply as the IP doesn't exist on the vEth pair.
But, that does tell me that Linux would ARP for the gateway IP if it didn't already have it.
I just manually added a bogus static ARP entry for the bogus IP and now I see Ethernet frames destined to said bogus gateway IP & MAC.
19:40:45.041011 52:29:79:a2:44:b8 > d4:be:d9:8d:80:d3, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 8.8.8.8: ICMP echo request, id 11407, seq 1, length 64 19:40:46.047385 52:29:79:a2:44:b8 > d4:be:d9:8d:80:d3, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 8.8.8.8: ICMP echo request, id 11407, seq 2, length 64 19:40:47.071388 52:29:79:a2:44:b8 > d4:be:d9:8d:80:d3, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 8.8.8.8: ICMP echo request, id 11407, seq 3, length 64 19:40:48.095350 52:29:79:a2:44:b8 > d4:be:d9:8d:80:d3, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 8.8.8.8: ICMP echo request, id 11407, seq 4, length 64
So … what this tells me is that Linux will use itself as a default gateway, and send Ethernet frames out the interface that it's local IP is bound to.
First it will ARP for the target IP address. If it gets a reply, it will start sending the traffic.
This can be leveraged by enabling Proxy ARP on the upstream interface. }:-) -- Grant. . . . unix || die
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature