[ovs-dev] [PATCH] ovn: Set critical bit in Geneve option.

Jesse Gross jesse at kernel.org
Wed Aug 17 01:54:31 UTC 2016


On Tue, Aug 16, 2016 at 2:04 PM, Russell Bryant <russell at ovn.org> wrote:
>
> On Tue, Aug 16, 2016 at 4:58 PM, Jesse Gross <jesse at kernel.org> wrote:
>>
>> Currently the Geneve option type that OVN uses is 0, which in
>> Geneve marks this as non-critical. Non-critical means that if a
>> receiver does not recognize this option, it is free to ignore it
>> and continue processing the packet.
>>
>> OVN uses its option to transmit things like input and output port
>> which are used to enforce security policies and direct packets to
>> their correct location. If the recipient of a packet ignored this
>> information then it would likely be a security hole. This would seem
>> to qualify the option as critical.
>>
>> There's no issue in an instance of OVN as currently written - the
>> receiver will always match on the option data. However, if a
>> theoretical future version that did not use this option was connected
>> or a third-party component was introduced then it's possible that this
>> might be accidentally ignored.
>>
>> This patch changes the option type used by OVN to include the
>> critical bit to properly mark the intention. Obviously, this will
>> cause interoperability issues with any existing deployments but
>> it should be fine while OVN is still labeled as experimental.
>>
>> Signed-off-by: Jesse Gross <jesse at kernel.org>
>
>
> Thanks for the detailed explanation.  That makes sense to me.  For master
> and 2.6:
>
> Acked-by: Russell Bryant <russell at ovn.org>

Thanks - I applied this to master and branch-2.6.
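
The receiver-side effect of the critical bit described in the commit message, as an added example that is not part of the original thread or of the OVS/OVN code. It walks Geneve option TLVs and applies the Geneve rule that an unrecognized option is skipped when non-critical and causes the packet to be dropped when the high-order bit of its type is set. The function name, the verdict names, the known_class/known_type parameters and the option class 0xfff0 in the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define GENEVE_CRIT_OPT_TYPE 0x80   /* high-order bit of the option Type field */

enum verdict { OPTS_ACCEPT, OPTS_DROP_UNKNOWN_CRITICAL, OPTS_MALFORMED };

/* Walk the Geneve option TLVs in opts[0..len).  Each option is a 4-byte
 * header (class:16, type:8, reserved:3 + length:5) followed by length * 4
 * bytes of data.  known_class/known_type model the one option this receiver
 * understands (hypothetical parameters, not an OVS interface). */
enum verdict
check_geneve_opts(const uint8_t *opts, size_t len,
                  uint16_t known_class, uint8_t known_type)
{
    size_t off = 0;

    while (off < len) {
        if (len - off < 4) {
            return OPTS_MALFORMED;          /* truncated option header */
        }
        uint16_t opt_class = (uint16_t) (opts[off] << 8 | opts[off + 1]);
        uint8_t type = opts[off + 2];
        size_t data_len = (size_t) (opts[off + 3] & 0x1f) * 4;

        if (len - off - 4 < data_len) {
            return OPTS_MALFORMED;          /* data runs past the buffer */
        }
        int known = opt_class == known_class && type == known_type;
        if (!known && (type & GENEVE_CRIT_OPT_TYPE)) {
            return OPTS_DROP_UNKNOWN_CRITICAL;
        }
        off += 4 + data_len;                /* known, or safe to ignore */
    }
    return OPTS_ACCEPT;
}

/* Constructed sample options: placeholder class 0xfff0, 4 bytes of data. */
static const uint8_t opt_type_00[] = { 0xff, 0xf0, 0x00, 0x01, 0, 1, 0, 2 };
static const uint8_t opt_type_80[] = { 0xff, 0xf0, 0x80, 0x01, 0, 1, 0, 2 };

int main(void)
{
    /* A receiver that knows neither option ignores type 0x00, drops 0x80. */
    return !(check_geneve_opts(opt_type_00, sizeof opt_type_00, 0, 0)
             == OPTS_ACCEPT
             && check_geneve_opts(opt_type_80, sizeof opt_type_80, 0, 0)
             == OPTS_DROP_UNKNOWN_CRITICAL);
}
```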


