[ovs-dev] [cfm 1/4] cfm: No longer trigger fault upon unexpected ccm_interval.
Ethan Jackson
ethan at nicira.com
Fri May 13 18:31:42 UTC 2011
Thanks for the review. I changed the comment in the code to the following.
/* According to the 802.1ag specification, reception of a CCM
* with an incorrect ccm_interval should trigger a fault. We
* ignore this requirement for several reasons.
*
* Faults can cause a controller or Open vSwitch to make
* potentially expensive changes to the network topology. It
* seems prudent to trigger them judiciously, especially when
* CFM is used to check slave status of bonds. Furthermore,
* faults can be maliciously triggered by crafting invalid
* CCMs. */
On Fri, May 13, 2011 at 10:05, Ben Pfaff <blp at nicira.com> wrote:
> On Thu, May 12, 2011 at 02:44:10PM -0700, Ethan Jackson wrote:
>> According to the 802.1ag specification, when a CCM is received
>> which advertises a misconfigured transmission interval, a fault
>> should be triggered. This patch goes against the spec by simply
>> warning when this happens. This is done for several reasons.
>>
>> - Faults can cause controllers to make potentially expensive
>> changes in the network topology.
>> - Faults can be maliciously triggered by crafting invalid CCMs.
>> - Reducing the number of places in the code where rmp->fault and
>> cfm->fault are changed makes the code easier to debug and
>> reason about.
>
> I think that the change is OK but the comment in the code itself
> should list at least the first two reasons above, not just the third,
> which isn't nearly as good as rationale.
>
> Thanks,
>
> Ben.
>
More information about the dev
mailing list