diff options
| author | Ben Pfaff <blp@nicira.com> | 2008-12-18 11:17:36 -0800 |
|---|---|---|
| committer | Ben Pfaff <blp@nicira.com> | 2008-12-18 11:17:36 -0800 |
| commit | a8f8875b392e10bdade8d2abeb909a229d0f5a11 (patch) | |
| tree | 784e3f844d3784769b5d420ebb56a957ac58f4b2 | |
| parent | c5fa5e4b115c3a92d87f293c311d6b67d05c2b42 (diff) | |
| download | openvswitch-a8f8875b392e10bdade8d2abeb909a229d0f5a11.tar.gz | |
secchan: Switch in-band control traffic by hand only on OpenFlow TCP ports.
To run services, other than the controller itself, on the same IP and MAC
as the controller, sophisticated controllers such as NOX need to have some
insight into the controller's location, etc. Before this commit, this
was not possible, because any traffic to or from the controller's MAC
address was switched "by hand" by secchan, without involving the controller
at all.
After this commit, only traffic to or from the controller's MAC *and on
the OpenFlow TCP or SSL port* is switched by hand, which should fix the
problem.
| -rw-r--r-- | secchan/in-band.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/secchan/in-band.c b/secchan/in-band.c index f9773a793..8556a6ec4 100644 --- a/secchan/in-band.c +++ b/secchan/in-band.c @@ -152,6 +152,8 @@ in_band_local_packet_cb(struct relay *r, void *in_band_) return false; } in_port = ntohs(opi->in_port); + get_ofp_packet_payload(opi, &payload); + flow_extract(&payload, in_port, &flow); /* Deal with local stuff. */ if (in_port == OFPP_LOCAL) { @@ -167,8 +169,14 @@ in_band_local_packet_cb(struct relay *r, void *in_band_) && is_controller_mac(eth->eth_src, in_band)) { /* ARP sent by controller. */ out_port = OFPP_FLOOD; - } else if (is_controller_mac(eth->eth_dst, in_band) - || is_controller_mac(eth->eth_src, in_band)) { + } else if ((is_controller_mac(eth->eth_dst, in_band) + || is_controller_mac(eth->eth_src, in_band)) + && flow.dl_type == htons(ETH_TYPE_IP) + && flow.nw_proto == IP_TYPE_TCP + && (flow.tp_src == htons(OFP_TCP_PORT) + || flow.tp_src == htons(OFP_SSL_PORT) + || flow.tp_dst == htons(OFP_TCP_PORT) + || flow.tp_dst == htons(OFP_SSL_PORT))) { /* Traffic to or from controller. Switch it by hand. */ in_band_learn_mac(in_band, in_port, eth->eth_src); out_port = mac_learning_lookup(in_band->ml, eth->eth_dst); @@ -190,8 +198,6 @@ in_band_local_packet_cb(struct relay *r, void *in_band_) } } - get_ofp_packet_payload(opi, &payload); - flow_extract(&payload, in_port, &flow); if (in_port == out_port) { /* The input and output port match. Set up a flow to drop packets. */ queue_tx(rc, in_band, make_add_flow(&flow, ntohl(opi->buffer_id), |