diff options
| author | Paul Chaignon <paul@isovalent.com> | 2022-07-25 16:32:53 +0200 |
|---|---|---|
| committer | Daniel Borkmann <daniel@iogearbox.net> | 2022-07-26 12:43:48 +0200 |
| commit | 1115169f47ae45eeb04c616c404492bc8268daa0 (patch) | |
| tree | 626feefb8f1c328ec7114d388f9c8bba0cfa184a /net | |
| parent | b8fff748521c7178b9a7d32b5a34a81cec8396f3 (diff) | |
selftests/bpf: Don't assign outer source IP to host
The previous commit fixed a bug in the bpf_skb_set_tunnel_key helper to
avoid dropping packets whose outer source IP address isn't assigned to a
host interface. This commit changes the corresponding selftest to not
assign the outer source IP address to an interface.
Not assigning the source IP to an interface causes two issues in the
existing test:
1. The ARP requests will fail for that IP address so we need to add the
ARP entry manually.
2. The encapsulated ICMP echo reply traffic will not reach the VXLAN
device. It will be dropped by the stack before, because the
outer destination IP is unknown.
To solve 2., we have two choices. Either we perform decapsulation
ourselves in a BPF program attached at veth1 (the base device for the
VXLAN device), or we switch the outer destination address when we
receive the packet at veth1, such that the stack properly demultiplexes
it to the VXLAN device afterward.
This commit implements the second approach, where we switch the outer
destination address from the unassigned IP address to the assigned one,
only for VXLAN traffic ingressing veth1.
Then, at the vxlan device, the BPF program that checks the output of
bpf_skb_get_tunnel_key needs to be updated as the expected local IP
address is now the unassigned one.
Signed-off-by: Paul Chaignon <paul@isovalent.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/4addde76eaf3477a58975bef15ed2788c44e5f55.1658759380.git.paul@isovalent.com
Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions