Hi Pablo,
On 10/30/23 09:41, Pablo Neira Ayuso wrote:
> Then, to forward packets to some other box from the 'netdev' family,
> use the 'fwd' statement:
>
>     udp dport 67 udp dport set 10067 counter fwd to 100.64.0.66 device "eth0"
>
> This rule above is mangling your UDP destination port from 67 to
> 10067, then it sends the packet to 100.64.0.66 and device "eth0". The
> destination MAC address is updated by the neighbour layer so you do
> not have to bother with "ether daddr set ..."
This works, thanks. But - all packets are duplicated :)
If I run on the receiving host the command (in short - extract what I'm
interested in)

    tshark -i enp1s0 -l -f 'port 10067 and ether[42:1]==2' -d udp.port=10067,dhcp -V -Y 'dhcp.option.dhcp==5' -V -E "separator=|" -E "quote=n" -E "occurrence=a" -T fields -e "dhcp.option.agent_information_option.value" -e "dhcp.ip.client"
then when using the old version of rules (just to check and compare) -

    udp dport 67 meta pkttype set other ether daddr set 96:9f:7c:d3:c3:66 ip daddr set 100.64.0.15 udp dport set 10067 counter accept
then tshark shows everything is ok, but if using -

    udp dport 67 udp dport set 10067 counter fwd ip to 100.64.0.15 device enp1s0
(which comes to

    # nft list ruleset
    table netdev inspan {
        chain rewrit {
            type filter hook ingress device "inspan" priority filter; policy drop;
            udp dport 67 udp dport set 10067 counter packets 9510 bytes 4137201 fwd ip to 100.64.0.15 device "enp1s0"
        }
    }

) then every packet (same running tshark) is duplicated:
64702...31333430|x.x.x2.238
64702...31333430|x.x.x2.238
48522...312e3430|x.x.x4.168
48522...312e3430|x.x.x4.168
49534...312e3430|x.x.x5.119
49534...312e3430|x.x.x5.119
6c632...2f392d34|x.x.x5.183
6c632...2f392d34|x.x.x5.183
    Linux 6.5.0-060500-generic #202308271831 SMP PREEMPT_DYNAMIC Sun Aug 27 22:37:37 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
    nftables v1.0.2 (Lester Gooch)
Any ideas why this can happen?
Thank you.
--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison
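Added example, not part of the thread above: a small parser for the `agent_info|client_ip` field lines the poster's tshark command prints, which counts how often each (option 82 value, client IP) pair appears so the duplication from the `fwd` rule can be quantified against the old `ether daddr set` rule. The sample lines are constructed; the `decode_agent_info` helper is an assumption that the option 82 value holds printable ASCII (as `312e3430` in the post does).

```python
"""Quantify duplicated DHCP ACK records in tshark '-T fields' output."""
from collections import Counter

# Constructed sample output in the format of the poster's tshark command:
# <dhcp.option.agent_information_option.value hex>|<dhcp.ip.client>
SAMPLE_FWD_RULE = """\
010a31333430|192.0.2.238
010a31333430|192.0.2.238
0106312e3430|192.0.2.168
0106312e3430|192.0.2.168
"""
SAMPLE_OLD_RULE = """\
010a31333430|192.0.2.238
0106312e3430|192.0.2.168
"""


def parse_fields(lines):
    """Yield (agent_info_hex, client_ip) tuples from '-E separator=|' lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue  # tolerate blank lines from '-l' line buffering
        agent_info, _, client_ip = line.partition("|")
        yield agent_info, client_ip


def duplicate_report(lines):
    """Return (total_records, unique_records, {pair: count}) for pairs seen more than once.

    With the fwd rule every pair shows up twice, so total == 2 * unique and
    every pair lands in the duplicates dict; with the old rule it is empty.
    """
    counts = Counter(parse_fields(lines))
    total = sum(counts.values())
    dups = {pair: n for pair, n in counts.items() if n > 1}
    return total, len(counts), dups


def decode_agent_info(hex_value):
    """Decode an option 82 hex value to text when it is printable ASCII, else return it unchanged."""
    raw = bytes.fromhex(hex_value)
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return hex_value


if __name__ == "__main__":
    for name, sample in (("fwd", SAMPLE_FWD_RULE), ("old", SAMPLE_OLD_RULE)):
        total, unique, dups = duplicate_report(sample.splitlines())
        print(f"{name}: {total} records, {unique} unique, {len(dups)} duplicated")
```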