[ovs-dev] [PATCH] tunneling: Don't match on source IP address for native tunnels.

Jesse Gross jesse at nicira.com
Thu Jun 25 22:41:41 UTC 2015


On Wed, Jun 24, 2015 at 8:40 PM, Pravin Shelar <pshelar at nicira.com> wrote:
> On Wed, Jun 24, 2015 at 2:55 PM, Jesse Gross <jesse at nicira.com> wrote:
>> When doing native tunneling, we look at packets destined to the
>> local port to see if they match tunnel protocols that we should
>> intercept. The criteria are IP protocol, destination UDP port, etc.
>>
>> However, we also look at the source IP address of the packets. This
>> should be a function of the port-based tunnel layer and not the
>> tunnel receive code itself. For comparison, the kernel tunnel code
>> has no idea about the IP addresses of its link partners. If port
>> based tunnel is desired, it can be handled using the normal port
>> tunnel layer, regardless of whether the packets originally came
>> from userspace or the kernel.
>>
>> For port based tunneling, this bug has no effect - the check is
>> simply redundant. However, it breaks flow-based native tunnels
>> because the remote IP address is not known at port creation time.
>>
>> CC: Pravin Shelar <pshelar at nicira.com>
>> Reported-by: David Griswold <David.Griswold at overturenetworks.com>
>> Signed-off-by: Jesse Gross <jesse at nicira.com>
>
> Can you add this test case?
[...]
> Patch looks good to me.

Thanks, I added a test case and pushed to branch-2.4 and master.
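
The behaviour described in the commit message, as an added example that is not part of the original thread and is not Open vSwitch code: a simplified receive-side tunnel lookup that shows why an exact source-IP match can never select a flow-based port. All struct, function and variable names, the table layout and the sample addresses are assumptions made for illustration.

```c
/* Simplified model of a tunnel-receive lookup (hypothetical names). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define REMOTE_UNKNOWN 0u     /* flow-based port: no remote IP at creation */

struct tnl_port {             /* one entry per configured tunnel port */
    uint8_t  ip_proto;        /* 17 = UDP */
    uint16_t udp_dst;         /* tunnel protocol's destination port */
    uint32_t remote_ip;       /* only known for port-based tunnels */
};

struct pkt {                  /* fields of a packet sent to the local port */
    uint8_t  ip_proto;
    uint16_t udp_dst;
    uint32_t ip_src;
};

/* "Before": the receive code also requires ip_src == remote_ip. */
static bool match_with_src(const struct tnl_port *p, const struct pkt *k)
{
    return p->ip_proto == k->ip_proto && p->udp_dst == k->udp_dst
           && p->remote_ip == k->ip_src;
}

/* "After": interception is decided on protocol and destination port only;
 * any per-peer check is left to the port-based tunnel layer. */
static bool match_proto_port(const struct tnl_port *p, const struct pkt *k)
{
    return p->ip_proto == k->ip_proto && p->udp_dst == k->udp_dst;
}

/* Index of the first matching port, or -1 if the packet is not intercepted. */
static int tnl_lookup(const struct tnl_port *tbl, size_t n, const struct pkt *k,
                      bool (*match)(const struct tnl_port *, const struct pkt *))
{
    for (size_t i = 0; i < n; i++)
        if (match(&tbl[i], k)) return (int) i;
    return -1;
}

/* Constructed sample data: one port-based and one flow-based port. */
static const struct tnl_port ports[] = {
    { 17, 4789, 0x0a000002 },       /* port-based, remote 10.0.0.2 */
    { 17, 6081, REMOTE_UNKNOWN },   /* flow-based, remote set per flow */
};
static const struct pkt to_port_based = { 17, 4789, 0x0a000002 };
static const struct pkt to_flow_based = { 17, 6081, 0xc0000207 }; /* 192.0.2.7 */
```

With `match_with_src` the packet for the flow-based port is not intercepted, while the port-based packet matches either way, which is the redundancy the commit message describes.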


