[ovs-dev] [PATCH v4 0/2] Fix tunnel neighbor cache population

Jan Scheurich jan.scheurich at ericsson.com
Wed Apr 4 21:57:52 UTC 2018


Currently, OVS snoops any ARP or ND packets in any bridge and populates
the tunnel neighbor cache with the retrieved data. For instance, when
an ARP reply originated by a tenant is received on an overlay bridge, the
ARP packet is snooped and the tunnel neighbor cache is filled with tenant
addresses; however, only actual tunnel neighbor data should be stored
there. In the worst case, tunnel peer data could be overwritten in the cache.

This series resolves the issue by limiting the range of ARP and ND
packets being snooped to only those that are addressed to potential
local tunnel endpoints.

v3 -> v4:
  - Rebased to master (commit 4b337e489b)
  - Failing unit test case with v3 fixed by commit 8f0e86f84
  - Improved commit messages

Zoltan Balogh (2):
  tests: Inject ARP replies for snoop tests on different port
  xlate: Move tnl_neigh_snoop() to terminate_native_tunnel()

 include/sparse/netinet/in.h   |  10 +++
 ofproto/ofproto-dpif-xlate.c  | 147 ++++++++++++++++++++++++++++++++++++++++--
 tests/tunnel-push-pop-ipv6.at |  78 ++++++++++++++++++++--
 tests/tunnel-push-pop.at      |  91 ++++++++++++++++++++++----
 4 files changed, 299 insertions(+), 27 deletions(-)

-- 
1.9.1
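
The overwrite described in the cover letter, as an added example that is not code from this series or from OVS: a simplified C model of a neighbor cache fed by an unfiltered snoop and by a snoop limited to replies addressed to the local tunnel endpoint. All type and function names, the single local endpoint, and the constructed addresses (a tenant reusing the tunnel peer's IP) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified model; these types and names are illustrative, not OVS code. */
struct arp_reply { uint32_t spa; uint8_t sha[6]; uint32_t tpa; };
struct ncache { struct { uint32_t ip; uint8_t mac[6]; } e[8]; int n; };

/* Insert the IP-to-MAC mapping, overwriting any existing entry for that IP. */
static void cache_set(struct ncache *c, uint32_t ip, const uint8_t *mac)
{
    int i = 0;
    while (i < c->n && c->e[i].ip != ip) i++;
    if (i == 8) return;              /* cache full: drop */
    if (i == c->n) c->n++;           /* new entry */
    c->e[i].ip = ip;
    memcpy(c->e[i].mac, mac, 6);
}

/* Behaviour described as current: learn from any ARP reply on any bridge. */
static void snoop_any(struct ncache *c, const struct arp_reply *p)
{
    cache_set(c, p->spa, p->sha);
}

/* Behaviour the series describes: learn only if addressed to the local endpoint. */
static void snoop_filtered(struct ncache *c, const struct arp_reply *p, uint32_t ep)
{
    if (p->tpa == ep) cache_set(c, p->spa, p->sha);
}

/* Constructed scenario; true if the peer IP still maps to the peer's MAC. */
bool peer_entry_intact(bool filtered)
{
    const uint32_t local_ep = 0x0a000001, peer_ip = 0x0a000002; /* 10.0.0.1, .2 */
    const struct arp_reply seq[2] = {
        { peer_ip, {0xaa, 0, 0, 0, 0, 0x02}, local_ep },      /* tunnel peer reply */
        { peer_ip, {0xde, 0xad, 0, 0, 0, 0x01}, 0x0a000063 }, /* tenant, same IP */
    };
    struct ncache c = { .n = 0 };
    for (int i = 0; i < 2; i++)
        filtered ? snoop_filtered(&c, &seq[i], local_ep) : snoop_any(&c, &seq[i]);
    return c.n == 1 && memcmp(c.e[0].mac, seq[0].sha, 6) == 0;
}

int main(void)
{
    printf("intact: any=%d filtered=%d\n", peer_entry_intact(false), peer_entry_intact(true));
    return 0;
}
```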


