Menu
▾
▴
Re: [Openvpn-devel] [PATCH v2] Drop recursively routed packets
|
From: Jan J. K. <ja...@ni...> - 2016-08-24 08:13:05
|
Hi, On 23/08/16 15:43, Gert Doering wrote: > Hi, > > On Mon, Aug 22, 2016 at 09:18:28PM +0200, Gert Doering wrote: >> On Mon, Jan 04, 2016 at 02:43:44PM +0200, Lev Stipakov wrote: >>> v2: better method naming > [..] >>> Trac #642 >>> >>> Signed-off-by: Lev Stipakov <lst...@gm...> >> ACK. > As stupid as this feels - we need to back this out again, because it > breaks TAP mode. Buildbot complained that all tap tests failed, and > manually bisecting master nailed it to *this* patch, and release/2.3 > is similarily broken. may I suggest to make this configurable, i.e. the user can specify whether rec routed packets should be dropped? I'm afraid that we might end up with code that drops packets that really should not be dropped - people do weird things with routing: in 99% of the cases in error, but in 1% of the cases because they want to do something funky. It would also make it easy to include the current code in 2.3 - turn it on in TUN mode by default and OFF in TAP mode. JM2CW, JJK > On the server side, for a t_client test with --dev tap, with this patch, > you see "the source mac is rotating" > > Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: Learn: 20:00:40:01:d8:7a -> cron2-gentoo-i386/193.xx.xx.xx > Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: Learn: 20:b9:40:01:d7:c1 -> cron2-gentoo-i386/193.xx.xx.xx > Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: bad source address from client [01:72:40:01:fc:a0], packet dropped > Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: Learn: 20:00:40:01:3e:b1 -> cron2-gentoo-i386/193.xx.xx.xx > Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: Learn: 20:b9:40:01:3d:f8 -> cron2-gentoo-i386/193.xx.xx.xx > Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: bad source address from client [01:72:40:01:62:d7], packet dropped > Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: Learn: 20:00:40:01:d7:d8 -> cron2-gentoo-i386/193.xx.xx.xx > > ... which looks like "the IP header ends up where the ethernet header > should be" (every ping packet shows up as "new source address" on the > openvpn server). > > I have no idea what this could be, but since we want 2.3.12 out *today*, > we'll need to back it out of 2.3 for the time being. > > Lev, do you have time to investigate? > > gert > > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > Openvpn-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-devel |
