[ovs-dev] [PATCH 10/10] Clarify tunnel wildcarding.
Jarno Rajahalme
jrajahalme at nicira.com
Fri Apr 11 18:12:54 UTC 2014
Upon further research I think I was wrong about this, and we actually need to unwildcard the ‘tun_dst’ bits to prevent tunneled packets matching on non-tunneled flows.
I’ll send a revised patch soon.
Jarno
On Apr 9, 2014, at 1:38 PM, Ben Pfaff <blp at nicira.com> wrote:
> On Tue, Apr 08, 2014 at 04:38:52PM -0700, Jarno Rajahalme wrote:
>> It would seem that we should set the 'tun_dst' in 'wc' when calling
>> tnl_port_should_receive(), as it is reading that flow field.
>>
>> However, tnl_port_should_receive() returns true, if the flow has
>> tunnel metadata. If there is no tunnel metadata, then there is
>> nothing to mask, so we do not set the 'ip_dst' field in the 'wc' if
>> this test fails, even though we used that field to determine the
>> non-presence of the tunnel metadata.
>>
>> Datapath flow matching ensures that a key that does not include tunnel
>> metadata cannot match a tunneled packet.
>>
>> Signed-off-by: Jarno Rajahalme <jrajahalme at nicira.com>
>
> Acked-by: Ben Pfaff <blp at nicira.com>
More information about the dev
mailing list