lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Thu, 2 Sep 2021 08:17:04 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     Jarod Wilson <jarod@...hat.com>
Cc:     netdev@...r.kernel.org
Subject: Fw: [Bug 214277] New: mtu value for geneve interface

It looks like this code in geneve_setup() causes this bug.

	/* The max_mtu calculation does not take account of GENEVE
	 * options, to avoid excluding potentially valid
	 * configurations. This will be further reduced by IPvX hdr size.
	 */
	dev->max_mtu = IP_MAX_MTU - GENEVE_BASE_HLEN - dev->hard_header_len;


Begin forwarded message:

Date: Thu, 02 Sep 2021 10:30:58 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: stephen@...workplumber.org
Subject: [Bug 214277] New: mtu value for geneve interface


https://bugzilla.kernel.org/show_bug.cgi?id=214277

            Bug ID: 214277
           Summary: mtu value for geneve interface
           Product: Networking
           Version: 2.5
    Kernel Version: 5.14
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: IPV4
          Assignee: stephen@...workplumber.org
          Reporter: pupilla@...mail.com
        Regression: No

Hello everyone,

I am implementing a L2 connectivity through an ipv4 network,
via GENEVE protocol.

There are two systems called 'GENgw1' and 'GENgw2' that
implement a GENEVE tunnel to provide L2 connectivity (a
bridge is configured on both) between the 'Ovest' and 'Est'
systems.

This is the diagram:


|Ovest eth0=10.1.1.2/24|-----|eth1 GENgw2 eth0=172.19.1.2/24|---+
                              br0                               |
                                                                |
                                                              geneve
                                                                |
                                                                |
|Est eth0=10.1.1.1/24|-------|eth1 GENgw1 eth0=172.19.1.1/24|---+
                              br0


The value of the mtu assigned by default to the geneve
interface is 1450 bytes, when the mtu of the physical
interface is 1500 bytes.

I am forced to increase it (from 1450 to 1500) to ensure
the correct mtu in the L2 virtual network segment.

This is the output from GENgw1 after forcing the mtu
to 1500 bytes for the geneve device:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
    link/ether fc:4d:d4:2e:cd:81 brd ff:ff:ff:ff:ff:ff
    inet 172.19.1.1/24 brd 172.19.1.255 scope global eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0
state UP group default qlen 1000
    link/ether 00:15:17:a6:ee:4c brd ff:ff:ff:ff:ff:ff
8: genevetunnel: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
master br0 state UNKNOWN group default qlen 1000
    link/ether 9e:9a:e7:1a:2d:30 brd ff:ff:ff:ff:ff:ff
9: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group
default qlen 1000
    link/ether 00:15:17:a6:ee:4c brd ff:ff:ff:ff:ff:ff

GENgw2 setup is mirrored as GENgw1.

If I start a ping with a 1460 bytes long packet from the
'Est' system to the 'Ovest' system, the 'GENgw1' gateway
responds with an icmp message that it is necessary to
fragment the packet because it is too large because the
mtu is 1450 bytes.

tcpdump taken on GENgw1/eth1:

11:26:18.189960 IP (tos 0x0, ttl 255, id 17493, offset 0, flags [DF], proto
ICMP (1), length 1488)
    192.168.1.1 > 192.168.1.2: ICMP echo request, id 34081, seq 0, length 1468

11:26:18.189983 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto ICMP
(1), length 576)
    192.168.1.2 > 192.168.1.1: ICMP 192.168.1.2 unreachable - need to frag (mtu
1450), length 556
        IP (tos 0x0, ttl 255, id 17493, offset 0, flags [DF], proto ICMP (1),
length 1488)
    192.168.1.1 > 192.168.1.2: ICMP echo request, id 34081, seq 0, length 1468

Is this what should be expected?

Thank you all for your attention.

Cheers,
Marco

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ