diff options
| author | Zoltan Balogh <zoltan.balogh.eth@gmail.com> | 2018-04-04 23:57:54 +0200 |
|---|---|---|
| committer | Ben Pfaff <blp@ovn.org> | 2018-04-18 16:38:26 -0700 |
| commit | 83c2757bd16e86f6a2d5a69e94f890087e8df294 (patch) | |
| tree | cc7f1cd9eeb46b8dc812b397e42ebe5029eb071a /include/sparse | |
| parent | 2ce9e71bb960e802a6040cc22ae6c4b0e21b32c4 (diff) | |
| download | openvswitch-83c2757bd16e86f6a2d5a69e94f890087e8df294.tar.gz | |
xlate: Move tnl_neigh_snoop() to terminate_native_tunnel()
Currently OVS snoops any ARP or ND packets in any bridge and populates
the tunnel neighbor cache with the retreived data. For instance, when
an ARP reply originated by a tenant is received in an overlay bridge, the
ARP packet is snooped and tunnel neighbor cache is filled with tenant
address information. This is at best useless as tunnel endpoints can only
reside on an underlay bridge.
The real problem starts if different tenants on the overlay bridge have
overlapping IP addresses such that they keep overwriting each other's
pseudo tunnel neighbor entries. These frequent updates are treated as
configuration changes and trigger revalidation each time, thus causing
a lot of useless revalidation load on the system.
To keep the ARP neighbor cache clean, this patch moves tunnel neighbor
snooping from the generic function do_xlate_actions() to the specific
funtion terminate_native_tunnel() in compose_output_action(). Thus,
only ARP and Neighbor Advertisement packets addressing a local
tunnel endpoint (on the LOCAL port of the underlay bridge) are snooped.
In order to achieve this, IP addresses of the bridge ports are retrieved
and then stored in xbridge by calling xlate_xbridge_set(). The
destination address extracted from the ARP or Neighbor Advertisement
packet is then matched against the known xbridge addresses in
is_neighbor_reply_correct() to filter the snooped packets further.
Signed-off-by: Zoltan Balogh <zoltan.balogh.eth@gmail.com>
Co-authored-by: Jan Scheurich <jan.scheurich@ericsson.com>
Signed-off-by: Jan Scheurich <jan.scheurich@ericsson.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'include/sparse')
| -rw-r--r-- | include/sparse/netinet/in.h | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/include/sparse/netinet/in.h b/include/sparse/netinet/in.h index 6abdb2331..eea41bd7f 100644 --- a/include/sparse/netinet/in.h +++ b/include/sparse/netinet/in.h @@ -123,6 +123,16 @@ struct sockaddr_in6 { (X)->s6_addr[10] == 0xff && \ (X)->s6_addr[11] == 0xff) +#define IN6_IS_ADDR_MC_LINKLOCAL(a) \ + (((const uint8_t *) (a))[0] == 0xff && \ + (((const uint8_t *) (a))[1] & 0xf) == 0x2) + +# define IN6_ARE_ADDR_EQUAL(a,b) \ + ((((const uint32_t *) (a))[0] == ((const uint32_t *) (b))[0]) && \ + (((const uint32_t *) (a))[1] == ((const uint32_t *) (b))[1]) && \ + (((const uint32_t *) (a))[2] == ((const uint32_t *) (b))[2]) && \ + (((const uint32_t *) (a))[3] == ((const uint32_t *) (b))[3])) + #define INET_ADDRSTRLEN 16 #define INET6_ADDRSTRLEN 46 |