diff options
| author | Han Ding <handing@chinatelecom.cn> | 2022-10-19 23:06:54 +0800 |
|---|---|---|
| committer | Ilya Maximets <i.maximets@ovn.org> | 2022-11-02 19:32:36 +0100 |
| commit | a1de888ab1a4a74dfa6a46b153184fc7dddce6eb (patch) | |
| tree | c9d64e5230f5dd98a5521a84875ae7c940961dd7 /ofproto | |
| parent | 2158254fcbd97620151525a8aa91b0a040927690 (diff) | |
| download | openvswitch-a1de888ab1a4a74dfa6a46b153184fc7dddce6eb.tar.gz | |
ofproto-dpif-xlate: Update tunnel neighbor when receive gratuitous ARP.
OVS now just allow the ARP Reply which the destination address is matched
against the known xbridge addresses to update tunnel neighbor. So when OVS
receive the gratuitous ARP from underlay gateway which the source address
and destination address are all gateway IP, tunnel neighbor will not be updated.
Fixes: ba07cf222a0c ("Handle gratuitous ARP requests and replies in tnl_arp_snoop()")
Fixes: 83c2757bd16e ("xlate: Move tnl_neigh_snoop() to terminate_native_tunnel()")
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Han Ding <handing@chinatelecom.cn>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Diffstat (limited to 'ofproto')
| -rw-r--r-- | ofproto/ofproto-dpif-xlate.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index 5d2af93fa..a9cf3cbee 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -4178,6 +4178,16 @@ xport_has_ip(const struct xport *xport) return n_in6 ? true : false; } +static bool check_neighbor_reply(struct xlate_ctx *ctx, struct flow *flow) +{ + if (flow->dl_type == htons(ETH_TYPE_ARP) || + flow->nw_proto == IPPROTO_ICMPV6) { + return is_neighbor_reply_correct(ctx, flow); + } + + return false; +} + static bool terminate_native_tunnel(struct xlate_ctx *ctx, const struct xport *xport, struct flow *flow, struct flow_wildcards *wc, @@ -4198,9 +4208,7 @@ terminate_native_tunnel(struct xlate_ctx *ctx, const struct xport *xport, /* If no tunnel port was found and it's about an ARP or ICMPv6 packet, * do tunnel neighbor snooping. */ if (*tnl_port == ODPP_NONE && - (flow->dl_type == htons(ETH_TYPE_ARP) || - flow->nw_proto == IPPROTO_ICMPV6) && - is_neighbor_reply_correct(ctx, flow)) { + (check_neighbor_reply(ctx, flow) || is_garp(flow, wc))) { tnl_neigh_snoop(flow, wc, ctx->xbridge->name, ctx->xin->allow_side_effects); } else if (*tnl_port != ODPP_NONE && |