* [PATCH 1/1] reset nf before xmit vxlan encapsulated packet
@ 2013-03-04 16:07 Zang MingJie
From: Zang MingJie @ 2013-03-04 16:07 UTC (permalink / raw)
To: netdev, David S. Miller; +Cc: Zang MingJie

We should reset nf settings bound to the skb as ipip/ipgre do.

If not, the conntrack/nat info bound to the origin packet may continually
redirect the packet to vxlan interface causing a routing loop.

This is the scenario:

     VETP     VXLAN Gateway
    /----\  /---------------\
    |    |  |               |
    |  vx+--+vx --NAT-> eth0+--> Internet
    |    |  |               |
    \----/  \---------------/

When there are any packets coming from the internet to the vetp, there will be lots
of garbage packets coming out of the gateway's vxlan interface, but none actually
sent to the physical interface, because they are redirected back to the vxlan
interface in the postrouting chain of the NAT rule, and dmesg complains:

Mar 1 21:52:53 debian kernel: [ 8802.997699] Dead loop on virtual device vxlan0, fix it urgently!
Mar 1 21:52:54 debian kernel: [ 8804.004907] Dead loop on virtual device vxlan0, fix it urgently!
Mar 1 21:52:55 debian kernel: [ 8805.012189] Dead loop on virtual device vxlan0, fix it urgently!
Mar 1 21:52:56 debian kernel: [ 8806.020593] Dead loop on virtual device vxlan0, fix it urgently!

The patch should fix the problem.

Signed-off-by: Zang MingJie <zealot0630@gmail.com>
---
drivers/net/vxlan.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index f10e58a..c3e3d29 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -961,6 +961,8 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev)
iph->ttl = ttl ? : ip4_dst_hoplimit(&rt->dst);
tunnel_ip_select_ident(skb, old_iph, &rt->dst);
+ nf_reset(skb);
+
vxlan_set_owner(dev, skb);
/* See iptunnel_xmit() */
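
Review bot: The nf_reset(skb) call added just before vxlan_set_owner(dev, skb) carries no comment, so a reader of vxlan_xmit() cannot tell why netfilter state is dropped at this point without finding the commit message. A one-line comment above it would help, saying that the conntrack/NAT information attached to the inner packet must not be applied to the encapsulated packet, and that this mirrors what ipip/ipgre do. The existing "/* See iptunnel_xmit() */" comment sits after the new call; if iptunnel_xmit() is also the reference for the reset, moving nf_reset(skb) below that comment would make the relationship explicit.
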
--
1.7.10.4
* Re: [PATCH 1/1] reset nf before xmit vxlan encapsulated packet
From: David Miller @ 2013-03-06 4:56 UTC (permalink / raw)
To: zealot0630; +Cc: netdev
From: Zang MingJie <zealot0630@gmail.com>
Date: Tue, 5 Mar 2013 00:07:34 +0800
>
> We should reset nf settings bound to the skb as ipip/ipgre do.
>
> If not, the conntrack/nat info bound to the origin packet may continually
> redirect the packet to vxlan interface causing a routing loop.
>
> This is the scenario:
>
>      VETP     VXLAN Gateway
>     /----\  /---------------\
>     |    |  |               |
>     |  vx+--+vx --NAT-> eth0+--> Internet
>     |    |  |               |
>     \----/  \---------------/
>
> When there are any packets coming from the internet to the vetp, there will be lots
> of garbage packets coming out of the gateway's vxlan interface, but none actually
> sent to the physical interface, because they are redirected back to the vxlan
> interface in the postrouting chain of the NAT rule, and dmesg complains:
>
> Mar 1 21:52:53 debian kernel: [ 8802.997699] Dead loop on virtual device vxlan0, fix it urgently!
> Mar 1 21:52:54 debian kernel: [ 8804.004907] Dead loop on virtual device vxlan0, fix it urgently!
> Mar 1 21:52:55 debian kernel: [ 8805.012189] Dead loop on virtual device vxlan0, fix it urgently!
> Mar 1 21:52:56 debian kernel: [ 8806.020593] Dead loop on virtual device vxlan0, fix it urgently!
>
> The patch should fix the problem.
>
> Signed-off-by: Zang MingJie <zealot0630@gmail.com>
Applied, thanks.