> -----Original Message-----
> From: Ilya Maximets <[email protected]>
> Sent: Monday, May 13, 2019 5:02 PM
> To: [email protected]
> Cc: Ian Stokes <[email protected]>; Flavio Leitner <[email protected]>;
> Ophir Munk <[email protected]>; Kevin Traynor
> <[email protected]>; Roni Bar Yanai <[email protected]>; Ilya
> Maximets <[email protected]>
> Subject: [PATCH 2/2] dpif-netdev: Forbid vport offloading attempts.
>
> 'netdev_flow_put()' for vports could eventually succeed for userspace
> datapath in case there is a kernel datapath with similar vport at the same
> time. The root cause is that vports like 'vxlan' uses same 'vxlan_sys_<port>'
> system interfaces for flow offloading and there is no way to distinguish
> system and userspace vports using only 'netdev' structure.
>
> Let's forbid vport offloading from userspace datapath to avoid installing
> userspace flows to unrelated system devices.
>
> Future dynamic flow API management will allow to enable vport offloading
> back using more flexible checks.
>
> Fixes: 241bad15d99a ("dpif-netdev: associate flow with a mark id")
The "Fixes ..." is not relevant to this patch.
> Reported-by: Ophir Munk <[email protected]>
> Signed-off-by: Ilya Maximets <[email protected]>
> ---
> lib/dpif-netdev.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index 4ee367556..4f7f0956e
> 100644
> --- a/lib/dpif-netdev.c
> +++ b/lib/dpif-netdev.c
> @@ -2381,7 +2381,7 @@ dp_netdev_flow_offload_put(struct
> dp_flow_offload_item *offload)
>
> ovs_mutex_lock(&pmd->dp->port_mutex);
> port = dp_netdev_lookup_port(pmd->dp, in_port);
> - if (!port) {
> + if (!port ||
> + netdev_vport_is_vport_class(port->netdev->netdev_class)) {
> ovs_mutex_unlock(&pmd->dp->port_mutex);
> goto err_free;
> }
> --
> 2.17.1
Regards,
Ophir
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
