[ovs-dev] [PATCH] ofproto-dpif-xlate: Prevent duplicating of traffic to a mirror port

Roi Dayan roid at mellanox.com
Sun Nov 3 09:11:53 UTC 2019


From: Dmytro Linkin <dmitrolin at mellanox.com>

Currently the ofproto design disallows duplicating an output packet on
forwarding and mirroring to/from the same ovs port. The following scenario
reveals a lack in the design:
1. Send a ping between regular ovs ports (VFs, for example), then stop it.
2. While the rule still exists, make a mirror for one of the ports.
Prevent duplicating of traffic to a mirror port.

Fixes: 86e2dcddce85 ("dpif-xlate: Snoop multicast packets and send them properly")
Signed-off-by: Dmytro Linkin <dmitrolin at mellanox.com>
Acked-by: Roi Dayan <roid at mellanox.com>
---
 ofproto/ofproto-dpif-xlate.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index f92cb62c80ce..935a44dd07c2 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -3118,6 +3118,19 @@ xlate_normal(struct xlate_ctx *ctx)
 
         if (mac_port) {
             struct xbundle *mac_xbundle = xbundle_lookup(ctx->xcfg, mac_port);
+
+            /* Drop frames if output port is a mirror port. */
+            if (mac_xbundle && xbundle_mirror_out(ctx->xbridge, mac_xbundle)) {
+                if (ctx->xin->packet != NULL) {
+                    xlate_report_error(ctx, "dropping packet received on port %s, "
+                                       "which is reserved exclusively for mirroring",
+                                       mac_xbundle->name);
+                }
+                xlate_report(ctx, OFT_WARN,
+                             "output port is a mirror port, dropping");
+                return;
+            }
+
             if (mac_xbundle
                 && mac_xbundle != in_xbundle
                 && mac_xbundle->ofbundle != in_xbundle->ofbundle) {
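
Review bot: The error text in the added block reads "dropping packet received on port %s" but prints mac_xbundle->name, which is the learned output bundle (the comment just above says "Drop frames if output port is a mirror port"), not the bundle the packet arrived on. Anyone triaging from that log line will look at the wrong port. Reword it to say the packet is destined to a port reserved for mirroring, or include in_xbundle->name as the receiving port. When a packet is present, the same event is also reported twice, once through xlate_report_error() and once through xlate_report(ctx, OFT_WARN, ...); one report should be enough. The bare return leaves xlate_normal() entirely, so the commit message should state that skipping the rest of the function for this packet is intended. The diffstat shows only the one source file changed, so a test covering the ping-then-add-mirror scenario from the description would be a useful addition.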
-- 
2.8.4


