reset nf before xmit vxlan encapsulated packet · git-mirror/linux@88c4c06

Commit

reset nf before xmit vxlan encapsulated packet

We should reset nf settings bond to the skb as ipip/ipgre do.

If not, the conntrack/nat info bond to the origin packet may continually
redirect the packet to vxlan interface causing a routing loop.

this is the scenario:

     VETP     VXLAN Gateway
    /----\  /---------------\
    |    |  |               |
    |  vx+--+vx --NAT-> eth0+--> Internet
    |    |  |               |
    \----/  \---------------/

when there are any packet coming from internet to the vetp, there will be lots
of garbage packets coming out the gateway's vxlan interface, but none actually
sent to the physical interface, because they are redirected back to the vxlan
interface in the postrouting chain of NAT rule, and dmesg complains:

    Mar  1 21:52:53 debian kernel: [ 8802.997699] Dead loop on virtual device vxlan0, fix it urgently!
    Mar  1 21:52:54 debian kernel: [ 8804.004907] Dead loop on virtual device vxlan0, fix it urgently!
    Mar  1 21:52:55 debian kernel: [ 8805.012189] Dead loop on virtual device vxlan0, fix it urgently!
    Mar  1 21:52:56 debian kernel: [ 8806.020593] Dead loop on virtual device vxlan0, fix it urgently!

the patch should fix the problem

Signed-off-by: Zang MingJie <zealot0630@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Loading branch information

Zang MingJie authored and David S. Miller committed Mar 6, 2013

1 parent 76e4cb0 commit 88c4c06

drivers/net/vxlan.c

-Original file line number
+Diff line change
@@ Expand Up @@
     	iph->ttl	= ttl ? : ip4_dst_hoplimit(&rt->dst);
     	tunnel_ip_select_ident(skb, old_iph, &rt->dst);
+    	nf_reset(skb);
     	vxlan_set_owner(dev, skb);
     	/* See iptunnel_xmit() */
@@ Expand Down @@

0 comments on commit `88c4c06`

Please sign in to comment.

Commit

There are no files selected for viewing

0 comments on commit 88c4c06

0 comments on commit `88c4c06`