[ovs-dev] [PATCH 0/2] ofproto-dpif-xlate: remove unneeded vlan check

Hunt Xu mhuntxu at gmail.com
Mon Oct 31 18:39:28 UTC 2016

Hi folks,

At the very beginning I was just trying to modify packets ingressing from an
access port, using "mod_vlan_vid" & "NORMAL" to change the VLAN vid, expecting
them to be then switched to the ports which carries the dest VLAN. However,
I failed.

I used "ovs-appctl ofproto/trace" to debug, then got a "disallowed VLAN VID
for this input port, dropping" message. This happens when I use "mod_vlan_vid"
or "strip_vlan" before "normal", to change a packet's VLAN VID to a value
other than the tag property of an access port, or to a value not specified in
the trunks column of a trunk port.

By navigating the source code I find that there is a check about VLAN VID
when translating the NORMAL action, preventing packets with changed VLAN VID
to be switched to new VLANs which the originated port doesn't carry.

This puzzles me. It seems to me that if a packet's VLAN VID is changed before
entering the "normal" processing, it should be considered as a packet on the
new VLAN and switched to ports on that VLAN, instead of the current behavior
of being dropped. Although the FAQ says the configuration of VLANs in the
OpenvSwitch database only affects "normal switching", it is not clear that
what is the behavior when we combine other OpenFlow actions with "NORMAL".

I also find that there is a similar check when mirroring packets. Given that
when working with OpenFlow, an access port can in fact receive/send packets
with VLAN VID different from its tag, a trunk port can also receive/send
packets with VLAN VID that it doesn't trunks, and VLAN can be selected when
doing mirroring. Such a check seems to be redundant. It only prevents packets
which are not handled by the "normal switching" from being mirrored.

In this series, patch 1 removes the vlan check in the translation of the
NORMAL action, when a packet's VLAN VID is supposed to be changed before
entering the "normal switching", making packets whose VLAN VID are changed can
be switched to the dest VLAN despite of the VLANs configuration of the
originated port. Patch 2 removes the vlan check when mirroring packets.

However, if the current behavior is considered correct by design, I am sorry
for the misunderstanding and please ignore this series.

Hunt Xu (2):
  ofproto-dpif-xlate: don't check vlan in normal action if vid changed
  ofproto-dpif-xlate: remove vlan checking when mirroring packets

 ofproto/ofproto-dpif-xlate.c |  55 ++++++++-------
 tests/ofproto-dpif.at        | 161 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 193 insertions(+), 23 deletions(-)


More information about the dev mailing list