lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 18 Jul 2023 09:01:32 +0000
From: "Zekri, Ishay" <Ishay.Zekri@...l.com>
To: Jakub Kicinski <kuba@...nel.org>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "edumazet@...gle.com"
	<edumazet@...gle.com>,
        "Panina, Alexandra" <Alexandra.Panina@...l.com>,
        "Barcinski, Bartosz" <Bartosz.Barcinski@...l.com>
Subject: RE: MCVLAN device do not honor smaller mtu than physical device

I gave this post as an example to the issue we are seeing.
We tried to ping from host outside of the server.


Internal Use - Confidential

-----Original Message-----
From: Jakub Kicinski <kuba@...nel.org> 
Sent: Thursday, July 13, 2023 3:24 AM
To: Zekri, Ishay
Cc: netdev@...r.kernel.org; edumazet@...gle.com; Panina, Alexandra; Barcinski, Bartosz
Subject: Re: MCVLAN device do not honor smaller mtu than physical device


[EXTERNAL EMAIL] 

On Wed, 12 Jul 2023 09:06:20 +0000 Zekri, Ishay wrote:
> Hi,
> 
> We experiencing an issue in which MACVLAN MTU does not limit the frame 
> size, i.e. the limitation is coming from the physical device MTU.
> Kernel version: 5.3.18
> 
> As described in the case below:
> https://urldefense.com/v3/__https://unix.stackexchange.com/questions/7
> 08638/macvlan-device-do-not-honor-smaller-mtu-than-physical-device__;!
> !LpKI!iFTSU67fNksfVLQ4yxAk3ggSMZPw-qM4PlkTINcLKkuCbWWhnSYQV3YxsBjFDTc1
> hIIiWqVFlWFH$ [unix[.]stackexchange[.]com]
> 
> it seems like this issue might have a fix.
> 
> If there was a known kernel issue that was fixed, I really apricate if you can provide to me the commit in which it was fixed.

In the post above you seem to be pinging the local IP address.

129: K9AT9i1G2x@...6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ba:c7:36:3f:9a:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.40/21 scope global K9AT9i1G2x
         ^^^^^^^^^^^^^
 # ping -c 3 -M do -s 8972 192.168.15.40
                           ^^^^^^^^^^^^^

Local traffic gets routed thru the loopback interface which has the default MTU of 64k. Did you try to ping something outside of the host?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ