netdev.vger.kernel.org archive mirror
From: Ido Schimmel <idosch@nvidia.com>
To: David Bauer <mail@david-bauer.net>
Cc: Simon Horman <horms@kernel.org>,
	davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
	pabeni@redhat.com, amcohen@nvidia.com, netdev@vger.kernel.org
Subject: Re: [PATCH net-next] vxlan: drop packets from invalid src-address
Date: Thu, 4 Apr 2024 19:25:39 +0300
Message-ID: <Zg7Ug080-7o0wiWD@shredder>
In-Reply-To: <c4f2c217-b2bd-4716-be17-3c6097873061@david-bauer.net>

On Wed, Apr 03, 2024 at 07:14:14PM +0200, David Bauer wrote:
> I can take care of that. Thanks for analyzing the situation.
> 
> One thing I still have in my head when looking at this:
> 
> From my understanding, when I manage to send out such a packet from e.g. a
> VM connected to a vxlan overlay network and manage to send out such a malformed
> packet, this would allow me to break the overlay network created with vxlan, doesn't it?
> 
> Can you comment on my assumption there?

I'm not sure which assumption you are referring to, but I did verify
that before your patch the VXLAN driver will learn an FDB entry with a
broadcast MAC if a malformed packet with a broadcast source MAC was
processed by it. This will cause the driver to send broadcast packets to
the VTEP that sent the malformed packet instead of flooding such packets
to all the VTEPs via the all-zeroes FDB entry. This behavior is
obviously wrong and I tested that it doesn't happen with your patch.
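
The learning behaviour described in the message above, as an added toy model in user-space C; it is not the VXLAN driver's code and not the patch under discussion, which this page does not show. The names (`fdb_learn`, `fdb_lookup`, `src_mac_ok`, `FLOOD`), the VTEP number 3 and the validity rule (group bit clear, not all-zeroes) are assumptions made for illustration, and the all-zeroes FDB entry is modelled as the `FLOOD` return value.

```c
#include <stdio.h>
#include <string.h>

enum { FDB_MAX = 8, FLOOD = -1 }; /* FLOOD: no entry, replicate to all VTEPs */
struct fdb { unsigned char mac[FDB_MAX][6]; int vtep[FDB_MAX]; int n, validate_src; };

/* Assumed rule: group bit clear (not broadcast/multicast) and not all-zeroes. */
static int src_mac_ok(const unsigned char *m)
{
    return !(m[0] & 1) && (m[0] | m[1] | m[2] | m[3] | m[4] | m[5]);
}

/* Source learning on receive. Returns 1 if accepted, 0 if dropped. */
static int fdb_learn(struct fdb *f, const unsigned char *src, int vtep)
{
    int i;
    if (f->validate_src && !src_mac_ok(src))
        return 0;
    for (i = 0; i < f->n && memcmp(f->mac[i], src, 6); i++)
        ;
    if (i == f->n && f->n < FDB_MAX)
        memcpy(f->mac[f->n++], src, 6);
    if (i < f->n)
        f->vtep[i] = vtep; /* bind the MAC to the sending VTEP */
    return 1;
}

/* Transmit lookup: exact match wins, otherwise flood. */
static int fdb_lookup(const struct fdb *f, const unsigned char *dst)
{
    for (int i = 0; i < f->n; i++)
        if (!memcmp(f->mac[i], dst, 6))
            return f->vtep[i];
    return FLOOD;
}

/* Constructed input: a frame with broadcast source MAC arrives from VTEP 3. */
static int bcast_dst_after(int validate_src)
{
    static const unsigned char bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    struct fdb f = { .validate_src = validate_src };
    fdb_learn(&f, bcast, 3);
    return fdb_lookup(&f, bcast);
}

int main(void)
{
    printf("unchecked: %d, checked: %d\n", bcast_dst_after(0), bcast_dst_after(1));
    return 0;
}
```

Without the source check, the broadcast destination resolves to the single VTEP that sent the malformed frame; with it, the frame is dropped before learning and broadcast traffic still floods.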
