[ovs-dev] [PATCH 10/10] Clarify tunnel wildcarding.
Jarno Rajahalme
jrajahalme at nicira.com
Fri Apr 11 19:28:48 UTC 2014
Andy noted offline that matching on the in_port will prevent tunneled packets matching with non-tunneled flows. Tunnels have their own datapath port number and we always unwildcard the in_port. So, I’ll just update the comment and the commit description.
Jarno
On Apr 11, 2014, at 11:12 AM, Jarno Rajahalme <jrajahalme at nicira.com> wrote:
> Upon further research I think I was wrong about this, and we actually need to unwildcard the ‘tun_dst’ bits to prevent tunneled packets matching on non-tunneled flows.
>
> I’ll send a revised patch soon.
>
> Jarno
>
> On Apr 9, 2014, at 1:38 PM, Ben Pfaff <blp at nicira.com> wrote:
>
>> On Tue, Apr 08, 2014 at 04:38:52PM -0700, Jarno Rajahalme wrote:
>>> It would seem that we should set the 'tun_dst' in 'wc' when calling
>>> tnl_port_should_receive(), as it is reading that flow field.
>>>
>>> However, tnl_port_should_receive() returns true, if the flow has
>>> tunnel metadata. If there is no tunnel metadata, then there is
>>> nothing to mask, so we do not set the 'ip_dst' field in the 'wc' if
>>> this test fails, even though we used that field to determine the
>>> non-presence of the tunnel metadata.
>>>
>>> Datapath flow matching ensures that a key that does not include tunnel
>>> metadata cannot match a tunneled packet.
>>>
>>> Signed-off-by: Jarno Rajahalme <jrajahalme at nicira.com>
>>
>> Acked-by: Ben Pfaff <blp at nicira.com>
>