Hi,
I have two concerns about tinc's behavior regarding MAC addresses in
router mode:
- Looking at the code, it appears that tinc is always sending each
packet with its Ethernet header, even if tinc is operating in router
mode. It is my understanding that in router mode, all routing is done at
the IP level, thus we do not need Ethernet information. This seems like
unnecessary overhead.
- I believe I have found a bug in tinc on Linux when it is used with
Mode = router and DeviceType = tap. This combination is useful because
it allows global broadcast packets to be used in router mode. However,
when tinc receives a packet in this situation, it needs to make sure its
destination MAC address matches the address of the TAP adapter, which is
typically not the case since the sending node doesn't know the MAC
address of the recipient. Unfortunately, this is not the case on Linux,
which breaks connectivity. This simple patch fixes the issue:
--- src/linux/device.c 2013-07-13 22:52:33.841655000 +0100
+++ src/linux/device.c 2013-07-13 22:53:36.210804000 +0100
@@ -84,6 +84,8 @@
device_type = DEVICE_TYPE_TUN;
device_info = "Linux tun/tap device (tun mode)";
} else {
+ if (routing_mode == RMODE_ROUTER)
+ overwrite_mac = true;
ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
device_type = DEVICE_TYPE_TAP;
device_info = "Linux tun/tap device (tap mode)";
--
Etienne Dechamps
On Sat, Jul 13, 2013 at 11:34:42PM +0100, Etienne Dechamps wrote:> I have two concerns about tinc's behavior regarding MAC addresses in > router mode: > > - Looking at the code, it appears that tinc is always sending each > packet with its Ethernet header, even if tinc is operating in router > mode. It is my understanding that in router mode, all routing is > done at the IP level, thus we do not need Ethernet information. This > seems like unnecessary overhead.That's correct. The main reason for this is that the protocol was fixed in tinc 1.0. In tinc 1.1, when using the new protocol, the Ethernet header is omitted in router mode.> - I believe I have found a bug in tinc on Linux when it is used with > Mode = router and DeviceType = tap. This combination is useful > because it allows global broadcast packets to be used in router > mode. However, when tinc receives a packet in this situation, it > needs to make sure its destination MAC address matches the address > of the TAP adapter, which is typically not the case since the > sending node doesn't know the MAC address of the recipient. > Unfortunately, this is not the case on Linux, which breaks > connectivity. This simple patch fixes the issue:[...] Thanks, I applied your patch to the git repository, it will be part of the next release! -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20130715/aeebf837/attachment.sig>
Possibly Parallel Threads
- [PATCH] Use /dev/tap0 by default on BSD if mode != router
- [PATCH 1/6] Staging: hv: Unify hyper-v device abstractions
- [PATCH 1/6] Staging: hv: Unify hyper-v device abstractions
- [PATCH ] Staging: hv: Hyper-V driver cleanup
- [PATCH ] Staging: hv: Hyper-V driver cleanup