Date:	Sun, 12 Jan 2014 10:25:03 -0800
From:	Stephen Hemminger <stephen@...workplumber.org>
To:	sowmini varadhan <sowmini05@...il.com>
Cc:	netdev@...r.kernel.org, sowmini.varadhan@...com
Subject: Re: a vxlan question.

On Sun, 12 Jan 2014 12:25:51 -0500
sowmini varadhan <sowmini05@...il.com> wrote:

> A question about the vxlan implementation in linux:
> 
> if the inner packet (the frame that is vxlan encapsulated) is an IP
> packet that has the DF bit set, i.e., it is a PMTU discovery packet, and
> the subsequent vxlan encapsulation results in an ICMP packet-too-big
> error, then does the VTEP relay that error back to the originator of
> the PMTU packet?
> 
> AFAICT, the current linux code in drivers/net/vxlan.c
> does not address any icmp errors (though it sets the DF of the outer
> header based on the inner header). From my reading of the code,
> we'd end up in __udp4_lib_err for the vxlan-encaps packet, but
> there's nothing in there that recognizes that the udp payload is
> itself an ethernet+IP frame and relays pmtu back to the (inner) ip src?
> Did I miss something?
> 
> --Sowmini
> --

VXLAN, like all layer 2 tunnels, is not allowed to respond to IP packets
in the inner header. One of the principles of network virtualization
is that the inner network IP space may overlap or be invalid in the
outer IP domain. Therefore an intermediate system (like VXLAN) does
not have a valid IP in the inner domain to send a response.

Another way to look at it is that VXLAN is more of an L2 bridge rather
than an L3 router.