Date: Sun, 12 Jan 2014 10:25:03 -0800
From: Stephen Hemminger <stephen@...workplumber.org>
To: sowmini varadhan <sowmini05@...il.com>
Cc: netdev@...r.kernel.org, sowmini.varadhan@...com
Subject: Re: a vxlan question.

On Sun, 12 Jan 2014 12:25:51 -0500
sowmini varadhan <sowmini05@...il.com> wrote:

> A question about the vxlan implementation in linux:
>
> if the inner packet (the frame that is vxlan encapsulated) is an IP
> packet that has the DF bit set, i.e., it is a PMTU discovery packet, and
> the subsequent vxlan encapsulation results in an ICMP packet-too-big
> error, then does the VTEP relay that error back to the originator of
> the PMTU packet?
>
> AFAICT, the current linux code in drivers/net/vxlan.c
> does not address any icmp errors (though it sets the DF of the outer
> header based on the inner header). From my reading of the code,
> we'd end up in __udp4_lib_err for the vxlan-encaps packet, but
> there's nothing in there that recognizes that the udp payload is
> itself an ethernet+IP frame and relays pmtu back to the (inner) ip src?
> Did I miss something?
>
> --Sowmini
> --

The VXLAN, like all layer 2 tunnels, is not allowed to respond IP packets
in the inner header. One of the principles of network virtualization is that
the inner network IP space may overlap or be invalid in the outer IP domain.
Therefore an intermediate system (like VXLAN) does not have a valid IP
in the inner domain to send a response.

Another way to look at it is that VXLAN is more of an L2 bridge rather
than an L3 router.