authorJesse Gross <jesse@nicira.com>2015-06-24 14:44:50 -0700
committerJesse Gross <jesse@nicira.com>2015-06-25 15:24:31 -0700
commiteaac0f22b95c34e99a4c14910359148726f9725c (patch)
treea63da816b6649831ea753c2aeb968197e7706157 /lib/tnl-ports.c
parentbd8baf47a11a00563f7096ea51f4fc9446a321c0 (diff)
tunneling: Don't match on source IP address for native tunnels.
When doing native tunneling, we look at packets destined to the local port to see if they match tunnel protocols that we should intercept. The criteria are IP protocol, destination UDP port, etc. However, we also look at the source IP address of the packets. This should be a function of the port-based tunnel layer and not the tunnel receive code itself. For comparison, the kernel tunnel code has no idea about the IP addresses of its link partners. If port based tunnel is desired, it can be handled using the normal port tunnel layer, regardless of whether the packets originally came from userspace or the kernel. For port based tunneling, this bug has no effect - the check is simply redundant. However, it breaks flow-based native tunnels because the remote IP address is not known at port creation time. CC: Pravin Shelar <pshelar@nicira.com> Reported-by: David Griswold <David.Griswold@overturenetworks.com> Tested-by: David Griswold <David.Griswold@overturenetworks.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
Diffstat (limited to 'lib/tnl-ports.c')
-rw-r--r--lib/tnl-ports.c15
1 files changed, 5 insertions, 10 deletions
diff --git a/lib/tnl-ports.c b/lib/tnl-ports.c
index a0a73c85d..79c9631bd 100644
--- a/lib/tnl-ports.c
+++ b/lib/tnl-ports.c
@@ -56,7 +56,7 @@ tnl_port_free(struct tnl_port_in *p)
}
static void
-tnl_port_init_flow(struct flow *flow, ovs_be32 ip_dst, ovs_be16 udp_port)
+tnl_port_init_flow(struct flow *flow, ovs_be16 udp_port)
{
memset(flow, 0, sizeof *flow);
flow->dl_type = htons(ETH_TYPE_IP);
@@ -66,21 +66,17 @@ tnl_port_init_flow(struct flow *flow, ovs_be32 ip_dst, ovs_be16 udp_port)
flow->nw_proto = IPPROTO_GRE;
}
flow->tp_dst = udp_port;
- /* When matching on incoming flow from remove tnl end point,
- * our dst ip address is source ip for them. */
- flow->nw_src = ip_dst;
}
void
-tnl_port_map_insert(odp_port_t port, ovs_be32 ip_dst, ovs_be16 udp_port,
- const char dev_name[])
+tnl_port_map_insert(odp_port_t port, ovs_be16 udp_port, const char dev_name[])
{
const struct cls_rule *cr;
struct tnl_port_in *p;
struct match match;
memset(&match, 0, sizeof match);
- tnl_port_init_flow(&match.flow, ip_dst, udp_port);
+ tnl_port_init_flow(&match.flow, udp_port);
ovs_mutex_lock(&mutex);
do {
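Review bot: With `flow->nw_src = ip_dst;` removed from tnl_port_init_flow and the `nw_src` mask dropped in the later tnl_port_map_insert hunk, the receive classifier keys only on ethertype, IP protocol, fragment bits and destination port, so a packet from any sender to an open tunnel port is intercepted here, and nothing in the new code says where the remote endpoint is checked instead. The deleted comment should be replaced rather than just removed, for example `/* Source IP is intentionally wildcarded; the port-based tunnel layer validates the remote endpoint. */` above `flow->tp_dst = udp_port;`. For flow-based tunnels, where per the commit message the remote address is not known at port creation, restricting accepted sources is presumably left to the flow table, and that is worth stating in a comment on tnl_port_map_insert. tnl_port_init_flow begins in the previous hunk and tnl_port_map_insert continues past this one.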
@@ -97,7 +93,6 @@ tnl_port_map_insert(odp_port_t port, ovs_be32 ip_dst, ovs_be16 udp_port,
match.wc.masks.nw_proto = 0xff;
match.wc.masks.nw_frag = 0xff; /* XXX: No fragments support. */
match.wc.masks.tp_dst = OVS_BE16_MAX;
- match.wc.masks.nw_src = OVS_BE32_MAX;
cls_rule_init(&p->cr, &match, 0, CLS_MIN_VERSION); /* Priority == 0. */
ovs_refcount_init(&p->ref_cnt);
@@ -123,12 +118,12 @@ tnl_port_unref(const struct cls_rule *cr)
}
void
-tnl_port_map_delete(ovs_be32 ip_dst, ovs_be16 udp_port)
+tnl_port_map_delete(ovs_be16 udp_port)
{
const struct cls_rule *cr;
struct flow flow;
- tnl_port_init_flow(&flow, ip_dst, udp_port);
+ tnl_port_init_flow(&flow, udp_port);
cr = classifier_lookup(&cls, CLS_MAX_VERSION, &flow, NULL);
tnl_port_unref(cr);
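Review bot: tnl_port_map_delete now looks up the rule by protocol and `udp_port` alone, so tunnel ports that differ only in remote IP presumably resolve to the same classifier rule, and a delete drops one reference on a shared entry rather than removing a per-peer one. A comment on the function would make that explicit, e.g. `/* Drops one reference on the rule for 'udp_port'; the rule is shared by every tunnel port using that UDP port. */`. The result of classifier_lookup() is passed straight to tnl_port_unref(), whose body is outside the hunk, so whether a NULL `cr` (no matching rule) is tolerated cannot be confirmed from here. If it is not, the call needs a guard such as `if (cr) { tnl_port_unref(cr); }`.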