[ovs-dev] [RFC] vlan: Make sure vlan tci mask has exact match for VLAN_CFI.

Alex Wang alexw at nicira.com
Thu Jun 4 06:21:50 UTC 2015


OVS datapath has check which prevents the installation of flow
that matches VLAN TCI but does not have exact match for VLAN_CFI
bit.  However, the ovs userspace does not enforce it, so OpenFlow
flow like "vlan_tci=0x000a/0x0fff,action=output:local" can be added
to ovs.  Subsequently, the generated megaflow will have match
field for vlan like "vlan(vid=5/0xfff,pcp=0/0x0,cfi=1/0)".

With the OVS datapath check, the installation of such megaflow
will be rejected with:
"|WARN|system at ovs-system: failed to put[create][modify] (Invalid argument)"

This commit adds a check in userspace that mark the vlan mask
invalid if it does not exact match for VLAN_CFI.  So users will
be asked to provide correct mask.

Reported-by: Ronald Lee <ronaldlee at vmware.com>
Signed-off-by: Alex Wang <alexw at nicira.com>
---
 lib/meta-flow.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/meta-flow.c b/lib/meta-flow.c
index 3bdca62..dfebc6c 100644
--- a/lib/meta-flow.c
+++ b/lib/meta-flow.c
@@ -252,7 +252,11 @@ mf_is_mask_valid(const struct mf_field *mf, const union mf_value *mask)
                 is_all_ones(mask, mf->n_bytes));
 
     case MFM_FULLY:
-        return true;
+        if (mf->id == MFF_VLAN_TCI) {
+            return mask->be16 & htons(VLAN_CFI);
+        } else {
+            return true;
+        }
     }
 
     OVS_NOT_REACHED();
-- 
1.7.9.5




More information about the dev mailing list