On Sun, Jan 27, 2013 at 04:58:05PM -0800, Ethan Jackson wrote:
> Before this patch, if a packet came in on a port which userspace
> doesn't know about, it would be silently dropped without installing
> a drop flow. Historically, this has been fine because this
> situation could only occur during transient reconfiguration
> periods. However, in future, this could occur when the tunneling
> code decides to reject a packet due to invalid headers. In this
> case, it's preferable to drop the packet in the kernel to avoid a
> high bandwidth stream of invalid packets DoSing the switch.
>
> Signed-off-by: Ethan Jackson <[email protected]>
I think it would be better to create a real data structure for
handling these, instead of using (I'm close to saying "abusing")
struct ofpbuf for the purpose.
I think there is a minor memory leak in here, because I see a new
hmap_init() but no hmap_destroy().
> @@ -844,6 +850,12 @@ type_run(const char *type)
> case REV_INCONSISTENCY: COVERAGE_INC(rev_inconsistency); break;
> }
>
> + if (backer->need_revalidate) {
> + /* Clear the drop_keys in case we should now be accepting some
> + * formally dropped flows. */
Do you mean "formerly"?
In update_stats(), I think that we could save some time by only
calling drop_key_lookup() if ofproto_receive() returns ENODEV, since
drop keys should not be the common case.
Thanks,
Ben.
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
