Index: sys/net/if_vxlan.c
===================================================================
RCS file: /cvs/src/sys/net/if_vxlan.c,v
retrieving revision 1.76
diff -u -p -r1.76 if_vxlan.c
--- sys/net/if_vxlan.c 8 Nov 2019 07:16:29 -0000 1.76
+++ sys/net/if_vxlan.c 4 May 2020 09:39:26 -0000
@@ -82,6 +82,7 @@ struct vxlan_softc {
 void vxlanattach(int);
 int vxlanioctl(struct ifnet *, u_long, caddr_t);
+int vxlanenqueue(struct ifnet *, struct mbuf *);
 void vxlanstart(struct ifnet *);
 int vxlan_clone_create(struct if_clone *, int);
 int vxlan_clone_destroy(struct ifnet *);
@@ -150,6 +151,7 @@ vxlan_clone_create(struct if_clone *ifc,
 ifp->if_softc = sc;
 ifp->if_ioctl = vxlanioctl;
+ ifp->if_enqueue = vxlanenqueue;
 ifp->if_start = vxlanstart;
 IFQ_SET_MAXLEN(&ifp->if_snd, IFQ_MAXLEN);
@@ -294,6 +296,31 @@ vxlan_multicast_join(struct ifnet *ifp,
 if_detachhook_add(mifp, &sc->sc_dtask);
 return (0);
+}
+
+int
+vxlanenqueue(struct ifnet *ifp, struct mbuf *m)
+{
+ struct m_tag *mtag = NULL;
+
+ /* Try to limit infinite recursion through misconfiguration. */
+ while ((mtag = m_tag_find(m, PACKET_TAG_GRE, mtag)) != NULL) {
+ if (memcmp((caddr_t)(mtag + 1), &ifp->if_index,
+ sizeof(ifp->if_index)) == 0) {
+ m_freem(m);
+ return (EIO);
+ }
+ }
+
+ mtag = m_tag_get(PACKET_TAG_GRE, sizeof(ifp->if_index), M_NOWAIT);
+ if (mtag == NULL) {
+ m_freem(m);
+ return (ENOMEM);
+ }
+ memcpy((caddr_t)(mtag + 1), &ifp->if_index, sizeof(ifp->if_index));
+ m_tag_prepend(m, mtag);
+
+ return (if_enqueue_ifq(ifp, m));
 }
 void
Index: share/man/man4/vxlan.4
===================================================================
RCS file: /cvs/src/share/man/man4/vxlan.4,v
retrieving revision 1.8
diff -u -p -r1.8 vxlan.4
--- share/man/man4/vxlan.4 22 Nov 2018 17:31:11 -0000 1.8
+++ share/man/man4/vxlan.4 4 May 2020 09:39:26 -0000
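Review bot: Both drop paths in the new `vxlanenqueue()` (the `EIO` return when the interface's own index is found in a tag, and the `ENOMEM` return when `m_tag_get()` fails) free the mbuf without touching any interface counter, so a routing loop caused by misconfiguration is discarded silently and is hard to spot from interface statistics. Consider counting the drop before each `m_freem(m);`, e.g. `ifp->if_oerrors++;`, assuming this driver still uses the plain ifnet counters (not visible in the hunk). The tag type `PACKET_TAG_GRE` is reused here for a non-GRE interface; a comment such as `/* PACKET_TAG_GRE is shared by tunnel drivers; payload is the sending if_index */` would make that explicit, if that is indeed the convention. The existing comment could also say that the check only catches a packet re-entering this same interface on this host while its mbuf tags survive, which is why the manual page advice on routing is still needed.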
@@ -82,6 +82,14 @@ The configuration can be done at runtime
 .Xr hostname.if 5
 configuration file for
 .Xr netstart 8 .
+.Pp
+For correct operation, encapsulated traffic must not be routed
+over the interface itself.
+This can be implemented by adding a distinct or a more specific
+route to the tunnel destination than the hosts or networks routed
+via the tunnel interface.
+Alternatively, the tunnel traffic may be configured in a separate
+routing table to the encapsulated traffic.
 .Sh EXAMPLES
 Create a tunnel to a unicast tunnel endpoint, using the virtual tunnel identifier 5: