Re: [PATCH net-next 00/11] ICMP error handling for UDP tunnels

[Stefano Brivio <sbrivio@redhat.com>]

On Wed, 7 Nov 2018 12:09:51 +0100
Jiri Benc <jbenc@redhat.com> wrote:

> On Tue,  6 Nov 2018 22:38:56 +0100, Stefano Brivio wrote:
> > - patch 1/11 adds a socket lookup for UDP tunnels that use, by design,
> >   the same destination port on both endpoints -- i.e. VxLAN and GENEVE  
> 
> This is not necessarily true with lwtunnels (collect_md mode of VXLAN
> and GENEVE). While any sane setup will use the same dst ports, there's
> really nothing that enforces it. Of course, in that case we have no way
> to map the ICMP error back to the tunnel.

Right, thanks for pointing that out. I will expand on that in the
comments to __udp{4,6}_lib_err_encap().

> Generally speaking, I'm not sure how ICMP error handling should work
> for external control planes. Are we sure they want PMTU discovery and
> route redirection done by the kernel? (I am not sure, neither way.)

I'm not sure either, even though I have a slight preference on
making this work by default, rather than not even giving lwtunnels a
chance by dropping ICMP messages, as it currently stands.

By the way, if needed, it's easy to disable or make it configurable:

- in geneve_udp_encap_err_lookup():
	if (gs->collect_md)
		return -ENOENT;

- in vxlan_err_lookup():
	if (vxlan_collect_metadata(gs))
		return -ENOENT;

but I would rather deal with this at a later moment, and only if the
need arises.

-- 
Stefano