ofproto-dpif-xlate: Update tunnel neighbor when receive gratuitous ARP.

OVS now just allow the ARP Reply which the destination address is matched
against the known xbridge addresses to update tunnel neighbor. So when OVS
receive the gratuitous ARP from underlay gateway which the source address
and destination address are all gateway IP, tunnel neighbor will not be updated.

Fixes: ba07cf222a0c ("Handle gratuitous ARP requests and replies in tnl_arp_snoop()")
Fixes: 83c2757bd16e ("xlate: Move tnl_neigh_snoop() to terminate_native_tunnel()")
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Han Ding <handing@chinatelecom.cn>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>

2 files changed, 31 insertions, 3 deletions

diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index ce1d94db3..8a28b29d4 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -4153,6 +4153,16 @@ xport_has_ip(const struct xport *xport)
     return n_in6 ? true : false;
 }
 
+static bool check_neighbor_reply(struct xlate_ctx *ctx, struct flow *flow)
+{
+    if (flow->dl_type == htons(ETH_TYPE_ARP) ||
+        flow->nw_proto == IPPROTO_ICMPV6) {
+        return is_neighbor_reply_correct(ctx, flow);
+    }
+
+    return false;
+}
+
 static bool
 terminate_native_tunnel(struct xlate_ctx *ctx, const struct xport *xport,
                         struct flow *flow, struct flow_wildcards *wc,
@@ -4173,9 +4183,7 @@ terminate_native_tunnel(struct xlate_ctx *ctx, const struct xport *xport,
         /* If no tunnel port was found and it's about an ARP or ICMPv6 packet,
          * do tunnel neighbor snooping. */
         if (*tnl_port == ODPP_NONE &&
-            (flow->dl_type == htons(ETH_TYPE_ARP) ||
-             flow->nw_proto == IPPROTO_ICMPV6) &&
-             is_neighbor_reply_correct(ctx, flow)) {
+            (check_neighbor_reply(ctx, flow) || is_garp(flow, wc))) {
             tnl_neigh_snoop(flow, wc, ctx->xbridge->name,
                             ctx->xin->allow_side_effects);
         } else if (*tnl_port != ODPP_NONE &&
diff --git a/tests/tunnel-push-pop.at b/tests/tunnel-push-pop.at
index c9a04c76b..50f90815a 100644
--- a/tests/tunnel-push-pop.at
+++ b/tests/tunnel-push-pop.at
@@ -369,6 +369,26 @@ AT_CHECK([ovs-appctl tnl/neigh/show | grep br | sort], [0], [dnl
 1.1.2.92                                      f8:bc:12:44:34:b6   br0
 ])
 
+dnl Receiving Gratuitous ARP request with correct VLAN id should alter tunnel neighbor cache
+AT_CHECK([ovs-appctl netdev-dummy/receive p0 'recirc_id(0),in_port(1),eth(src=f8:bc:12:44:34:c8,dst=ff:ff:ff:ff:ff:ff),eth_type(0x8100),vlan(vid=10,pcp=7),encap(eth_type(0x0806),arp(sip=1.1.2.92,tip=1.1.2.92,op=1,sha=f8:bc:12:44:34:c8,tha=00:00:00:00:00:00))'])
+
+ovs-appctl time/warp 1000
+ovs-appctl time/warp 1000
+
+AT_CHECK([ovs-appctl tnl/neigh/show | grep br | sort], [0], [dnl
+1.1.2.92                                      f8:bc:12:44:34:c8   br0
+])
+
+dnl Receiving Gratuitous ARP reply with correct VLAN id should alter tunnel neighbor cache
+AT_CHECK([ovs-appctl netdev-dummy/receive p0 'recirc_id(0),in_port(1),eth(src=f8:bc:12:44:34:b2,dst=ff:ff:ff:ff:ff:ff),eth_type(0x8100),vlan(vid=10,pcp=7),encap(eth_type(0x0806),arp(sip=1.1.2.92,tip=1.1.2.92,op=2,sha=f8:bc:12:44:34:b2,tha=f8:bc:12:44:34:b2))'])
+
+ovs-appctl time/warp 1000
+ovs-appctl time/warp 1000
+
+AT_CHECK([ovs-appctl tnl/neigh/show | grep br | sort], [0], [dnl
+1.1.2.92                                      f8:bc:12:44:34:b2   br0
+])
+
 dnl Receive ARP reply without VLAN header
 AT_CHECK([ovs-vsctl set port br0 tag=0])
 AT_CHECK([ovs-appctl tnl/neigh/flush], [0], [OK