Currently, OVS snoops any ARP or ND packets in any bridge and populates the tunnel neighbor cache with the retrieved data. For instance, when an ARP reply originated by a tenant is received on an overlay bridge, the ARP packet is snooped and the tunnel neighbor cache is filled with tenant addresses; however, only actual tunnel neighbor data should be stored there. In the worst case, tunnel peer data could be overwritten in the cache.
This series resolves the issue by limiting the range of ARP and ND packets being snooped to only those that are addressed to potential local tunnel endpoints.

v3 -> v4:
- Rebased to master (commit 4b337e489b)
- Failing unit test case with v3 fixed by commit 8f0e86f84
- Improved commit messages

Zoltan Balogh (2):
  tests: Inject ARP replies for snoop tests on different port
  xlate: Move tnl_neigh_snoop() to terminate_native_tunnel()

 include/sparse/netinet/in.h   |  10 +++
 ofproto/ofproto-dpif-xlate.c  | 147 ++++++++++++++++++++++++++++++++++++++++--
 tests/tunnel-push-pop-ipv6.at |  78 ++++++++++++++++++++--
 tests/tunnel-push-pop.at      |  91 ++++++++++++++++++++++----
 4 files changed, 299 insertions(+), 27 deletions(-)

-- 
1.9.1
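The cache overwrite described above and the effect of the filter, as an added stand-alone model that is not code from this patch series or from OVS. All names are hypothetical, the addresses are constructed, and "addressed to a local tunnel endpoint" is assumed to mean that the ARP target IP matches a local endpoint address.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, not an OVS symbol. */
struct neigh { bool used; uint32_t ip; uint8_t mac[6]; };
struct arp_reply { uint32_t spa; uint8_t sha[6]; uint32_t tpa; };
static struct neigh cache[8];
static struct neigh *cache_find(uint32_t ip) {
    for (size_t i = 0; i < 8; i++)
        if (cache[i].used && cache[i].ip == ip) return &cache[i];
    return NULL;
}
static void cache_set(uint32_t ip, const uint8_t mac[6]) {
    struct neigh *n = cache_find(ip);
    for (size_t i = 0; !n && i < 8; i++)
        if (!cache[i].used) n = &cache[i];
    if (!n) return;                       /* cache full: drop the update */
    n->used = true; n->ip = ip; memcpy(n->mac, mac, 6);
}
/* Before: any ARP reply seen on any bridge updates the cache. */
static void snoop_any(const struct arp_reply *a) { cache_set(a->spa, a->sha); }
/* After: only replies whose target IP is a local tunnel endpoint are used. */
static bool snoop_filtered(const struct arp_reply *a,
                           const uint32_t *local, size_t n_local) {
    for (size_t i = 0; i < n_local; i++)
        if (local[i] == a->tpa) { cache_set(a->spa, a->sha); return true; }
    return false;
}
/* Constructed scenario: local endpoint 10.0.0.1, tunnel peer 10.0.0.2; a
 * tenant on the overlay reuses 10.0.0.2 and replies to tenant 10.0.0.9. */
static bool peer_entry_survives(bool filtered) {
    const uint32_t local[] = { 0x0a000001 };
    const struct arp_reply peer   = { 0x0a000002, {0xaa,0,0,0,0,2}, 0x0a000001 };
    const struct arp_reply tenant = { 0x0a000002, {0xbb,0,0,0,0,2}, 0x0a000009 };
    const struct arp_reply *seq[] = { &peer, &tenant };
    memset(cache, 0, sizeof cache);
    for (size_t i = 0; i < 2; i++)
        if (filtered) snoop_filtered(seq[i], local, 1);
        else snoop_any(seq[i]);
    const struct neigh *n = cache_find(0x0a000002);
    return n && memcmp(n->mac, peer.sha, 6) == 0;
}
int main(void) {
    printf("peer entry intact: unfiltered=%d filtered=%d\n",
           peer_entry_survives(false), peer_entry_survives(true));
    return 0;
}
```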
