From: Tonghao Zhang <[email protected]>

This patch adds a more strict limitation to tunnel packets. If the source and destination addresses are the local address, the tunnel packets will be sent outside.
This is useful, for example, if we upgrade the openvswitch: one OvS may send these packets outside, and the physical switch can send those packets back in hairpin mode, then another OvS may process them.

Signed-off-by: Tonghao Zhang <[email protected]>
--- ofproto/ofproto-dpif-xlate.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index 7108c8a30138..80c631993f05 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -4101,7 +4101,15 @@ terminate_native_tunnel(struct xlate_ctx *ctx, struct flow *flow, } } - return *tnl_port != ODPP_NONE; + /* Allow tunnel packets which source, and destination address + * are the local address to be sent outside. */ + if (*tnl_port != ODPP_NONE && + (flow->nw_src != flow->nw_dst || + !ipv6_addr_equals(&flow->ipv6_src, &flow->ipv6_dst))) { + return true; + } + + return false; } static void -- 2.27.0
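Review bot: the new condition at the end of terminate_native_tunnel() ORs the IPv4 comparison (nw_src != nw_dst) with the IPv6 comparison (!ipv6_addr_equals(...)) without checking which address family the flow carries, so it gives the intended result only when the unused family's fields happen to compare equal. Select the comparison by the flow's ethertype, so that an IPv4 flow is judged on nw_src/nw_dst alone and an IPv6 flow on ipv6_src/ipv6_dst alone. The check also only tests that source equals destination, while the comment and the commit message speak of both being the local address; either test that explicitly or reword the comment ("whose source and destination addresses are the same") and document that any matching packet with equal addresses now skips tunnel termination. As a style point, the if / return true / return false tail can be a single return of the condition.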
