Hi,

On 23/08/16 15:43, Gert Doering wrote:
Hi,

On Mon, Aug 22, 2016 at 09:18:28PM +0200, Gert Doering wrote:
On Mon, Jan 04, 2016 at 02:43:44PM +0200, Lev Stipakov wrote:
v2: better method naming
[..]
Trac #642

Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
ACK.
As stupid as this feels - we need to back this out again, because it
breaks TAP mode.  Buildbot complained that all tap tests failed, and
manually bisecting master nailed it to *this* patch, and release/2.3
is similarly broken.

May I suggest to make this configurable, i.e. the user can specify whether rec routed packets should be dropped? I'm afraid that we might end up with code that drops packets that really should not be dropped - people do weird things with routing: in 99% of the cases in error, but in 1% of the cases because they want to do something funky.

It would also make it easy to include the current code in 2.3 - turn it on in TUN mode by default and OFF in TAP mode.

JM2CW,

JJK

On the server side, for a t_client test with --dev tap, with this patch,
you see "the source mac is rotating"

Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: Learn: 20:00:40:01:d8:7a -> cron2-gentoo-i386/193.xx.xx.xx
Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: Learn: 20:b9:40:01:d7:c1 -> cron2-gentoo-i386/193.xx.xx.xx
Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: bad source address from client [01:72:40:01:fc:a0], packet dropped
Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: Learn: 20:00:40:01:3e:b1 -> cron2-gentoo-i386/193.xx.xx.xx
Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: Learn: 20:b9:40:01:3d:f8 -> cron2-gentoo-i386/193.xx.xx.xx
Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: bad source address from client [01:72:40:01:62:d7], packet dropped
Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: Learn: 20:00:40:01:d7:d8 -> cron2-gentoo-i386/193.xx.xx.xx

... which looks like "the IP header ends up where the ethernet header
should be" (every ping packet shows up as "new source address" on the
openvpn server).

I have no idea what this could be, but since we want 2.3.12 out *today*,
we'll need to back it out of 2.3 for the time being.

Lev, do you have time to investigate?

gert



------------------------------------------------------------------------------


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
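
Added example (not part of the original thread and not OpenVPN code): a Python check of the "IP header ends up where the ethernet header should be" reading of the log above. It decodes each logged source MAC as bytes 6 to 11 of an IPv4 header, which is where flags/fragment offset, TTL, protocol and checksum fall if the IP header starts at frame offset 0. The function and variable names are assumptions made for this example.

```python
import re

# Log lines copied from the server log quoted above, with the mail wraps joined.
SAMPLE_LOG = """\
Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: Learn: 20:00:40:01:d8:7a -> cron2-gentoo-i386/193.xx.xx.xx
Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: Learn: 20:b9:40:01:d7:c1 -> cron2-gentoo-i386/193.xx.xx.xx
Aug 23 09:37:24 phillip tap-udp-p2mp[60213]: cron2-gentoo-i386/193.xx.xx.xx MULTI: bad source address from client [01:72:40:01:fc:a0], packet dropped
"""

# Matches both "Learn: <mac>" and "bad source address from client [<mac>]".
MAC_RE = re.compile(
    r"MULTI:\s+(?:Learn:\s+|bad source address from client \[)"
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
)
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def mac_as_ipv4_fields(mac):
    """Read a logged source MAC as bytes 6..11 of an IPv4 header.

    An Ethernet source MAC sits at frame offsets 6..11. If an IPv4 header
    starts at offset 0 instead, those offsets hold the flags/fragment-offset
    word, TTL, protocol and header checksum.
    """
    b = bytes.fromhex(mac.replace(":", ""))
    flags_frag = int.from_bytes(b[0:2], "big")
    return {
        "mac": mac,
        "group_bit": bool(b[0] & 0x01),  # I/G bit, not valid in a source MAC
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte units
        "ttl": b[2],
        "protocol": PROTOCOLS.get(b[3], str(b[3])),
        "checksum": int.from_bytes(b[4:6], "big"),
    }


def decode_log(text):
    """Decode every MAC found in MULTI Learn / bad-source log entries."""
    return [mac_as_ipv4_fields(m.group(1)) for m in MAC_RE.finditer(text)]


if __name__ == "__main__":
    for f in decode_log(SAMPLE_LOG):
        print(f"{f['mac']}  MF={f['more_fragments']!s:5} off={f['frag_offset']:4} "
              f"ttl={f['ttl']} proto={f['protocol']} group_bit={f['group_bit']}")
```

On these three lines every value decodes to TTL 64 and protocol ICMP, with fragment offsets 0, 1480 and 2960, i.e. the fields of a fragmented ping. The one address the server rejected is the one whose first octet has the group bit set.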
