9

I am trying to find a tool that will allow me to find the route a packet will take that comes in on a device, and has a particular destination address.

ip route get will do most of what I am looking for.

The issue is that I would like to test whether packets are finding the right routes when they have a fwmark in a rather complicated routing environment.

The ideal tool would allow spoofing a generic packet with a fwmark (or other properties) and could either send it through the entire iptables chains and the ip route / ip rule sets, or just find the route that would be returned.

I'd like to be able to run a command to verify that a particular set of routes works as intended.

Minimum requirement would be something like ip route get but with fwmark support.

Although, at this point, any suggestions for testing utilities of routing would be greatly appreciated! It gets complicated rather quickly as the routes pile up.

3 Answers

12

You can use the mark option in the 'ip route get' command. You can also specify the source address and the input and output interfaces in this command.

Examples:

ip route get 8.8.8.8 mark 0x20 - check the route of marked packets to 8.8.8.8 address.

ip route get 8.8.8.8 from 192.168.0.200 iif eth1 - check the route of forwarded packets from 192.168.0.200 host received through eth1 interface. In this case you should specify iif if the 'from' address isn't on this host (not local).

ip route get 8.8.8.8 from 192.168.0.100 iif eth1 mark 0x30 - like the previous example, but with the mark specified.

To test the path of packets through the netfilter rule set you can use the TRACE target and scapy to construct desired packets.

2
  • 1
    You have to be kidding me! I can't find that documented anywhere. Thanks!
    – msumme
    Commented Dec 31, 2015 at 22:54
  • Could you say more about testing the path of packets through the netfilter rule set, or provide a link to a tutorial? I'm really not sure how to do that, though the part about scapy makes sense.
    – msumme
    Commented Dec 31, 2015 at 23:01
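
An added example (not part of the answer above or of iproute2): a POSIX shell harness that turns the 'ip route get' lookups from the answer into repeatable pass/fail checks, so a set of policy routes can be verified with one command. The expected devices and next hop (eth2, 10.0.2.1, eth0, eth3) and the script name check-routes.sh are assumptions; replace them with what your rules should produce.

```shell
#!/bin/sh
# Added example: regression-check policy-routing decisions via `ip route get`.

# Thin wrapper around iproute2 so the lookup can be stubbed when testing offline.
route_lookup() {
    ip route get "$@" 2>&1
}

# route_field KEY OUTPUT: print the token that follows KEY (dev, via, table, ...)
# in `ip route get` output; return 1 if KEY is absent.
route_field() {
    key=$1
    set -f              # disable globbing while word-splitting the output
    set -- $2
    set +f
    while [ $# -gt 1 ]; do
        if [ "$1" = "$key" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# check_route WANT_DEV WANT_VIA LOOKUP-ARGS...
# WANT_VIA "-" means "do not check the next hop". Returns 1 on any mismatch,
# including lookups the kernel rejects (unreachable, prohibit, ...).
check_route() {
    want_dev=$1 want_via=$2
    shift 2
    out=$(route_lookup "$@") || { echo "FAIL [$*]: $out"; return 1; }
    got_dev=$(route_field dev "$out") || got_dev=none
    got_via=$(route_field via "$out") || got_via=none
    if [ "$got_dev" != "$want_dev" ] ||
       { [ "$want_via" != "-" ] && [ "$got_via" != "$want_via" ]; }; then
        echo "FAIL [$*]: want dev=$want_dev via=$want_via, got dev=$got_dev via=$got_via"
        return 1
    fi
    echo "ok   [$*]: dev=$got_dev via=$got_via"
}

# Expectations for a hypothetical setup (assumed values); edit to match your rules.
# Run as: sh check-routes.sh run
if [ "${1:-}" = "run" ]; then
    rc=0
    check_route eth2 10.0.2.1 8.8.8.8 mark 0x20 || rc=1
    check_route eth0 - 8.8.8.8 from 192.168.0.200 iif eth1 || rc=1
    check_route eth3 - 8.8.8.8 from 192.168.0.100 iif eth1 mark 0x30 || rc=1
    exit "$rc"
fi
```

The script exits non-zero if any lookup picks a different device or next hop than expected, so it can be re-run after every change to the ip rule / ip route tables.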
1

The technical name for the tooling you're looking for is a "packet crafter".

Specific product recommendations are off-topic for ServerFault, but one such list, with alternative tools to their own nping, is maintained by the nmap project and can be found at http://SecTools.org/tag/packet-crafters/, and another is on Wikipedia.

0

For anything other than ip route get, try https://github.com/zhangyoufu/fwmark

This Python3 script creates a new cgroup and attaches an eBPF program to enforce fwmark (SO_MARK) as soon as the socket is created. Inspired by ip vrf exec.

This should be useful for diagnosing multi-homing network / policy routing.
