Hi there,

I think I've found a bug in the vxlan_output() function (in sys/net/if_vxlan.c). When the encapsulated packet is a multicast (flag M_MCAST is set) or a broadcast (flag M_BCAST is set), then the "encapsulating" packet will have the same flag(s) set when ip_output() (or ip6_output()) is called.

This leads to some situations where a broadcast packet (say, an ARP who-has request) gets sent in ethernet broadcast (but the IP address is set to the correct value). Most routers would then drop such a packet.

I have written a Scapy script [1] (see its docstring for more details about what it does) to reproduce this bug. For your convenience, I have uploaded network captures created with this script, in multicast [2] & dynamic [3] modes.

In both files, for example, the third packet is sent to the ethernet broadcast address, but to the correct IP address used for the VXLAN tunnel (239.0.0.1 in my examples). This is because the encapsulated packet is a broadcast packet.

I'm not sure if you want to fix that both in vxlan_encap4() and vxlan_encap6() (first proposed patch [4]), or in vxlan_output() after these calls (second proposed patch [5]).

Please let me know if you need more details from me.

Thanks for your awesome work!

Pierre

[1] - http://pierre.droids-corp.org/p0rn/tests_vxlan.py
[2] - http://pierre.droids-corp.org/p0rn/log_multicast_61.cap
[3] - http://pierre.droids-corp.org/p0rn/log_dynamic_61.cap
[4] - http://pierre.droids-corp.org/p0rn/openbsd-vxlan-1.patch
[5] - http://pierre.droids-corp.org/p0rn/openbsd-vxlan-2.patch
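
A capture-side check for the symptom reported above, added here as an example (it is not the Scapy script from [1] and not OpenBSD code): it flags outer VXLAN frames whose Ethernet destination does not match the RFC 1112 mapping of their multicast IP destination. The function names are hypothetical, UDP port 4789 is an assumption about the tunnel configuration, and the sample frames are constructed.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # assumption: IANA VXLAN port; adjust to the tunnel's configuration
BROADCAST = b"\xff" * 6

def expected_dst_mac(ip_dst):
    """Ethernet address an IPv4 multicast group maps to (RFC 1112), else None."""
    addr = ipaddress.IPv4Address(ip_dst)
    if not addr.is_multicast:
        return None
    return b"\x01\x00\x5e" + (int(addr) & 0x7FFFFF).to_bytes(3, "big")

def check_outer_frame(frame):
    """Classify the outer Ethernet/IPv4/UDP headers of one captured frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "not-ipv4"
    ihl = (frame[14] & 0x0F) * 4
    udp = frame[14 + ihl:14 + ihl + 8]
    if frame[23] != 17 or len(udp) < 8:
        return "not-vxlan"
    if struct.unpack("!H", udp[2:4])[0] != VXLAN_PORT:
        return "not-vxlan"
    want = expected_dst_mac(frame[30:34])
    if want is None:
        return "unicast-tunnel"
    if frame[0:6] == want:
        return "ok"
    # Outer frame inherited the inner packet's link-layer broadcast/multicast.
    return "mismatch-broadcast" if frame[0:6] == BROADCAST else "mismatch-other"

def build_frame(eth_dst, ip_dst, ip_src="192.0.2.1"):
    """Constructed sample: Ethernet + IPv4 + UDP + 8-byte VXLAN header (VNI 1)."""
    vxlan = b"\x08\x00\x00\x00\x00\x00\x01\x00"
    udp = struct.pack("!HHHH", 4789, VXLAN_PORT, 8 + len(vxlan), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(vxlan),
                     0, 0, 1, 17, 0,  # checksum left at 0; not validated here
                     ipaddress.IPv4Address(ip_src).packed,
                     ipaddress.IPv4Address(ip_dst).packed)
    return eth_dst + bytes.fromhex("020000000001") + b"\x08\x00" + ip + udp + vxlan

if __name__ == "__main__":
    good = build_frame(expected_dst_mac("239.0.0.1"), "239.0.0.1")
    bad = build_frame(BROADCAST, "239.0.0.1")  # the symptom described in the report
    for name, frame in (("good", good), ("bad", bad)):
        print(name, check_outer_frame(frame))
```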
