[ovs-dev] [PATCH] tunneling: Don't match on source IP address for native tunnels.
Pravin Shelar
pshelar at nicira.com
Thu Jun 25 03:40:46 UTC 2015
On Wed, Jun 24, 2015 at 2:55 PM, Jesse Gross <jesse at nicira.com> wrote:
> When doing native tunneling, we look at packets destined to the
> local port to see if they match tunnel protocols that we should
> intercept. The criteria are IP protocol, destination UDP port, etc.
>
> However, we also look at the source IP address of the packets. This
> should be a function of the port-based tunnel layer and not the
> tunnel receive code itself. For comparison, the kernel tunnel code
> has no idea about the IP addresses of its link partners. If port
> based tunnel is desired, it can be handled using the normal port
> tunnel layer, regardless of whether the packets originally came
> from userspace or the kernel.
>
> For port based tunneling, this bug has no effect - the check is
> simply redundant. However, it breaks flow-based native tunnels
> because the remote IP address is not known at port creation time.
>
> CC: Pravin Shelar <pshelar at nicira.com>
> Reported-by: David Griswold <David.Griswold at overturenetworks.com>
> Signed-off-by: Jesse Gross <jesse at nicira.com>
Can you add this test case?
> ---
> lib/tnl-ports.c | 15 +++++----------
> lib/tnl-ports.h | 4 ++--
> ofproto/tunnel.c | 5 ++---
> 3 files changed, 9 insertions(+), 15 deletions(-)
>
> diff --git a/lib/tnl-ports.c b/lib/tnl-ports.c
> index a0a73c8..79c9631 100644
> --- a/lib/tnl-ports.c
> +++ b/lib/tnl-ports.c
> @@ -56,7 +56,7 @@ tnl_port_free(struct tnl_port_in *p)
> }
>
> static void
> -tnl_port_init_flow(struct flow *flow, ovs_be32 ip_dst, ovs_be16 udp_port)
> +tnl_port_init_flow(struct flow *flow, ovs_be16 udp_port)
> {
> memset(flow, 0, sizeof *flow);
> flow->dl_type = htons(ETH_TYPE_IP);
> @@ -66,21 +66,17 @@ tnl_port_init_flow(struct flow *flow, ovs_be32 ip_dst, ovs_be16 udp_port)
> flow->nw_proto = IPPROTO_GRE;
> }
> flow->tp_dst = udp_port;
> - /* When matching on incoming flow from remove tnl end point,
> - * our dst ip address is source ip for them. */
> - flow->nw_src = ip_dst;
> }
>
> void
> -tnl_port_map_insert(odp_port_t port, ovs_be32 ip_dst, ovs_be16 udp_port,
> - const char dev_name[])
> +tnl_port_map_insert(odp_port_t port, ovs_be16 udp_port, const char dev_name[])
> {
> const struct cls_rule *cr;
> struct tnl_port_in *p;
> struct match match;
>
> memset(&match, 0, sizeof match);
> - tnl_port_init_flow(&match.flow, ip_dst, udp_port);
> + tnl_port_init_flow(&match.flow, udp_port);
>
> ovs_mutex_lock(&mutex);
> do {
> @@ -97,7 +93,6 @@ tnl_port_map_insert(odp_port_t port, ovs_be32 ip_dst, ovs_be16 udp_port,
> match.wc.masks.nw_proto = 0xff;
> match.wc.masks.nw_frag = 0xff; /* XXX: No fragments support. */
> match.wc.masks.tp_dst = OVS_BE16_MAX;
> - match.wc.masks.nw_src = OVS_BE32_MAX;
>
> cls_rule_init(&p->cr, &match, 0, CLS_MIN_VERSION); /* Priority == 0. */
> ovs_refcount_init(&p->ref_cnt);
> @@ -123,12 +118,12 @@ tnl_port_unref(const struct cls_rule *cr)
> }
>
> void
> -tnl_port_map_delete(ovs_be32 ip_dst, ovs_be16 udp_port)
> +tnl_port_map_delete(ovs_be16 udp_port)
> {
> const struct cls_rule *cr;
> struct flow flow;
>
> - tnl_port_init_flow(&flow, ip_dst, udp_port);
> + tnl_port_init_flow(&flow, udp_port);
>
> cr = classifier_lookup(&cls, CLS_MAX_VERSION, &flow, NULL);
> tnl_port_unref(cr);
> diff --git a/lib/tnl-ports.h b/lib/tnl-ports.h
> index 37a689f..8e4911d 100644
> --- a/lib/tnl-ports.h
> +++ b/lib/tnl-ports.h
> @@ -26,10 +26,10 @@
>
> odp_port_t tnl_port_map_lookup(struct flow *flow, struct flow_wildcards *wc);
>
> -void tnl_port_map_insert(odp_port_t port, ovs_be32 ip_dst, ovs_be16 udp_port,
> +void tnl_port_map_insert(odp_port_t port, ovs_be16 udp_port,
> const char dev_name[]);
>
> -void tnl_port_map_delete(ovs_be32 ip_dst, ovs_be16 udp_port);
> +void tnl_port_map_delete(ovs_be16 udp_port);
>
> void tnl_port_map_init(void);
>
> diff --git a/ofproto/tunnel.c b/ofproto/tunnel.c
> index d2ac7c6..42f760e 100644
> --- a/ofproto/tunnel.c
> +++ b/ofproto/tunnel.c
> @@ -195,8 +195,7 @@ tnl_port_add__(const struct ofport_dpif *ofport, const struct netdev *netdev,
> tnl_port_mod_log(tnl_port, "adding");
>
> if (native_tnl) {
> - tnl_port_map_insert(odp_port, tnl_port->match.ip_dst,
> - cfg->dst_port, name);
> + tnl_port_map_insert(odp_port, cfg->dst_port, name);
> }
> return true;
> }
> @@ -263,7 +262,7 @@ tnl_port_del__(const struct ofport_dpif *ofport) OVS_REQ_WRLOCK(rwlock)
> netdev_get_tunnel_config(tnl_port->netdev);
> struct hmap **map;
>
> - tnl_port_map_delete(tnl_port->match.ip_dst, cfg->dst_port);
> + tnl_port_map_delete(cfg->dst_port);
> tnl_port_mod_log(tnl_port, "removing");
> map = tnl_match_map(&tnl_port->match);
> hmap_remove(*map, &tnl_port->match_node);
> --
Patch looks good to me.
More information about the dev
mailing list