Is there an existing issue for this?

• I have searched the existing issues

What happened?

I have enabled DSR as well as ENABLE_DSR_ICMP_ERRORS, so that icmp error packet is returned to the sender in case DSR packet becomes bigger than the MTU size.

UDP client sends a UDP packet of size equal to MTU of the lb node. The packet is destined to UDP service. When the packet reaches lb node, DSR code kicks in and adds 8 bytes of additional data. This makes the packet size larger than MTU and lb node usually just drops it. Since ENABLE_DSR_ICMP_ERRORS is enabled, dsr_reply_icmp4() sends the response back to the client indicating ICMP error.

The ICMP error packet should have following format. (https://www.computernetworkingnotes.com/networking-tutorials/icmp-error-messages-and-format-explained.html)
packet: ipv4 header + ICMP header + original-incoming-ipv4 header + first-8-bytes-of-data-in-original-packet

However, it is noticed that 'original-incoming-ipv4 header' contains all 0s. So, the packet can not be decoded by the client.

Cilium Version

v1.11

Kernel Version

5.17.11-1rodete2-amd64 #1 SMP PREEMPT Debian 5.17.11-1rodete2 (2022-06-09) x86_64 GNU/Linux

Kubernetes Version

1.23

Sysdump

No response

Relevant log output

Captured ICMP packet looks like this (I have added dummy 14 bytes L2 header at the front). Check the following packet using any packet decoder (e.g. https://hpd.gasmi.net/)

10 30 40 50 60 70 10 30 40 50 60 50 08 00 45 00 00 38 46 47 40 00 40 01 4B 86 0A FD 93 32 0A C8 00 01 03 04 F7 81 00 00 05 7A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 D0 0D 05 05 6E A2 C9

Anything else?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct