[ovs-dev] [PATCH ovs] ofproto-dpif-xlate: Allow specific tunnel packets sent outside.

xiangxia.m.yue at gmail.com xiangxia.m.yue at gmail.com
Sat Jan 30 14:56:11 UTC 2021


From: Tonghao Zhang <xiangxia.m.yue at gmail.com>

This patch adds a stricter limitation on tunnel packets.
If the source and destination addresses are the local address,
the tunnel packets will be sent outside.

This is useful, for example, if we upgrade the openvswitch:
One OvS may send these packets outside, and the physical switch
can send those packets back in hairpin mode, then other OvS may
process them.

Signed-off-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
---
 ofproto/ofproto-dpif-xlate.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index 7108c8a30138..80c631993f05 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -4101,7 +4101,15 @@ terminate_native_tunnel(struct xlate_ctx *ctx, struct flow *flow,
         }
     }
 
-    return *tnl_port != ODPP_NONE;
+    /* Allow tunnel packets which source, and destination address
+     * are the local address to be sent outside. */
+    if (*tnl_port != ODPP_NONE &&
+        (flow->nw_src != flow->nw_dst ||
+         !ipv6_addr_equals(&flow->ipv6_src, &flow->ipv6_dst))) {
+        return true;
+    }
+    
+    return false;
 }
 
 static void
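Review bot: The new condition at the end of terminate_native_tunnel() ORs an IPv4 comparison (flow->nw_src != flow->nw_dst) with an IPv6 comparison (!ipv6_addr_equals(&flow->ipv6_src, &flow->ipv6_dst)) without checking which address family the flow carries, so the result is only right if the fields of the unused family happen to compare equal. Please branch on the flow's address family and compare only the matching pair, which also makes the intent readable. The comment and the commit message both say the addresses are "the local address", but the visible check only tests that source equals destination; if locality is established earlier in the function, say so in the comment, otherwise add the check. Since this changes which packets are terminated locally versus forwarded out of the host, a test covering the src == dst case for both IPv4 and IPv6 would help. Minor: the added blank line before "return false;" carries trailing whitespace, and the if/return true/return false sequence can be a single return of the expression.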
-- 
2.27.0


