The third byte of the Cisco MACs was just a typo in the commit message; it wasn't present where it counted.
On Wed, Jul 25, 2012 at 06:28:07PM -0700, Ben Basler wrote:
> Ben,
>
> Your third byte of the Cisco MAC is incorrect - should read
> 01:00:0c:c.:c.:c. instead of 01:00:00:c.:c.:c.
>
> Also have to be a bit more specific on the EDP/EAPS/ESRP MACs (i.e. let
> 00:e0:2b:00:00:02 & 00:e0:2b:00:00:08 pass since those are for ESRP) which
> OVS shouldn't block. Only MACs ending with 00/04/06 should be dropped.
>
> Cheers,
> Ben
>
> -----Original Message-----
> From: Ethan Jackson [mailto:et...@nicira.com]
> Sent: Wednesday, July 25, 2012 1:14 PM
> To: Ben Pfaff
> Cc: Mehak Mahajan; dev@openvswitch.org; Ben Basler
> Subject: Re: [ovs-dev] [PATCH] packets: First-hop router redundancy
> protocol MAC addresses are not BPDUs.
>
> Ok, I'd like to review it too.
>
> Ethan
>
> On Wed, Jul 25, 2012 at 1:13 PM, Ben Pfaff <b...@nicira.com> wrote:
> > I'm waiting for Ben Basler to review it.
> >
> > On Wed, Jul 25, 2012 at 01:12:45PM -0700, Ethan Jackson wrote:
> >> Can you hold off on merging this a bit, I want to think about it.
> >>
> >> Ethan
> >>
> >> On Wed, Jul 25, 2012 at 1:12 PM, Mehak Mahajan <mmaha...@nicira.com> wrote:
> >> > Hey Ben,
> >> >
> >> > The patch looks good to me.
> >> >
> >> > As a side note, I do not see the documentation about OVS not
> >> > forwarding the Extreme Discovery Protocol bpdus in vswitch.xml
> >> >
> >> > thanx!
> >> > mehak
> >> >
> >> >
> >> > On Wed, Jul 25, 2012 at 12:59 PM, Ben Pfaff <b...@nicira.com> wrote:
> >> >>
> >> >> Commit c93f9a78c349 (packets: Update the reserved protocols list.)
> >> >> added a number of first-hop router redundancy protocol MAC
> >> >> addresses to the list of BPDU MAC addresses. This means that
> >> >> packets destined to those MAC addresses are dropped when
> >> >> other-config:forward-bpdu is set to false on a bridge (the default
> >> >> setting).
> >> >>
> >> >> However, this behavior is incorrect, because these MAC addresses
> >> >> are not special in the way that, say, STP frames are special. STP
> >> >> is a switch-to-switch protocol that end hosts have no use for, but
> >> >> end hosts do speak directly to routers on the MAC addresses
> >> >> assigned by VRRP and the other protocols in this category.
> >> >> Therefore, dropping packets in this category means that end hosts
> >> >> can no longer talk to their first-hop router, if that router is
> >> >> running one of these protocols.
> >> >> > >> >> Following this commit, OVS drops the following protocols when > >> >> other-config:forward-bpdu is false: > >> >> > >> >> - 01:08:c2:00:00:0x (STP, pause frames, other IEEE reserved > >> >> protocols). > >> >> - 00:e0:2b:00:0x:xx (Extreme Discovery Protocol). > >> >> - 01:00:0c:00:00:00 (Cisco Inter Switch Link). > >> >> - 01:00:00:c.:c.:c. where each . is either c or d (CDP, VTP, > >> >> DTP, PAgP, > >> >> PVSTP+, STP Uplink Fast, and others). > >> >> > >> >> Bug #12618. > >> >> CC: Ben Basler <bbas...@nicira.com> > >> >> Signed-off-by: Ben Pfaff <b...@nicira.com> > >> >> --- > >> >> lib/packets.c | 25 ++----------------------- > >> >> vswitchd/vswitch.xml | 16 ---------------- > >> >> 2 files changed, 2 insertions(+), 39 deletions(-) > >> >> > >> >> diff --git a/lib/packets.c b/lib/packets.c index 5729167..37a8593 > >> >> 100644 > >> >> --- a/lib/packets.c > >> >> +++ b/lib/packets.c 
> >> >> @@ -43,9 +43,8 @@ dpid_from_string(const char *s, uint64_t *dpidp) > >> >> return *dpidp != 0; > >> >> } > >> >> > >> >> -/* Returns true if 'ea' is a reserved multicast address, that a > >> >> bridge must > >> >> - * never forward, false otherwise. Includes some proprietary > >> >> vendor protocols > >> >> - * that shouldn't be forwarded as well. > >> >> +/* Returns true if 'ea' is a reserved address, that a bridge must > >> >> +never > >> >> + * forward, false otherwise. > >> >> * > >> >> * If you change this function's behavior, please update > corresponding > >> >> * documentation in vswitch.xml at the same time. */ @@ -62,26 > >> >> +61,6 @@ eth_addr_is_reserved(const uint8_t ea[ETH_ADDR_LEN]) > >> >> {0x01, 0x08, 0xc2, 0x00, 0x00, 0x00}, > >> >> {0xff, 0xff, 0xff, 0xff, 0xff, 0xf0}}, > >> >> > >> >> - { /* VRRP IPv4. */ > >> >> - {0x00, 0x00, 0x5e, 0x00, 0x01, 0x00}, > >> >> - {0xff, 0xff, 0xff, 0xff, 0xff, 0x00}}, > >> >> - > >> >> - { /* VRRP IPv6. */ > >> >> - {0x00, 0x00, 0x5e, 0x00, 0x02, 0x00}, > >> >> - {0xff, 0xff, 0xff, 0xff, 0xff, 0x00}}, > >> >> - > >> >> - { /* HSRPv1. */ > >> >> - {0x00, 0x00, 0x0c, 0x07, 0xac, 0x00}, > >> >> - {0xff, 0xff, 0xff, 0xff, 0xff, 0x00}}, > >> >> - > >> >> - { /* HSRPv2. */ > >> >> - {0x00, 0x00, 0x0c, 0x9f, 0xf0, 0x00}, > >> >> - {0xff, 0xff, 0xff, 0xff, 0xf0, 0x00}}, > >> >> - > >> >> - { /* GLBP. */ > >> >> - {0x00, 0x07, 0xb4, 0x00, 0x00, 0x00}, > >> >> - {0xff, 0xff, 0xff, 0x00, 0x00, 0x00}}, > >> >> - > >> >> { /* Extreme Discovery Protocol. */ > >> >> {0x00, 0xE0, 0x2B, 0x00, 0x00, 0x00}, > >> >> {0xff, 0xff, 0xff, 0xff, 0xf0, 0x00}}, diff --git > >> >> a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index > >> >> e6ea844..ed92de1 100644 > >> >> --- a/vswitchd/vswitch.xml > >> >> +++ b/vswitchd/vswitch.xml 
> >> >> @@ -569,22 +569,6 @@ > >> >> <dt><code>01:80:c2:00:00:0<var>x</var></code></dt> > >> >> <dd>Other reserved protocols.</dd> > >> >> > >> >> - > <dt><code>00:00:5e:00:01:<var>x</var><var>x</var></code></dt> > >> >> - <dd> VRRP IPv4 virtual router MAC address. </dd> > >> >> - > >> >> - > <dt><code>00:00:5e:00:02:<var>x</var><var>x</var></code></dt> > >> >> - <dd> VRRP IPv6 virtual router MAC address. </dd> > >> >> - > >> >> - > <dt><code>00:00:0c:07:ac:<var>x</var><var>x</var></code></dt> > >> >> - <dd> HSRP Version 1. </dd> > >> >> - > >> >> - > >> >> <dt><code>00:00:0c:9f:f<var>x</var>:<var>x</var><var>x</var></code> > >> >> - </dt> > >> >> - <dd> HSRP Version 2. </dd> > >> >> - > >> >> - > >> >> > <dt><code>00:07:b4:<var>x</var><var>x</var>:<var>x</var><var>x</var>:<var> > x</var><var>x</var></code></dt> > >> >> - <dd> GLBP. </dd> > >> >> - > >> >> <dt><code>01:00:0c:cc:cc:cc</code></dt> > >> >> <dd> > >> >> Cisco Discovery Protocol (CDP), VLAN Trunking > >> >> Protocol (VTP), > >> >> -- > >> >> 1.7.2.5 > >> >> > >> >> _______________________________________________ > >> >> dev mailing list > >> >> dev@openvswitch.org > >> >> http://openvswitch.org/mailman/listinfo/dev > >> > > >> > > >> > > >> > _______________________________________________ > >> > dev mailing list > >> > dev@openvswitch.org > >> > http://openvswitch.org/mailman/listinfo/dev > >> > _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
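Review bot: in the comment above eth_addr_is_reserved() (first lib/packets.c hunk), the new text drops the sentence about proprietary vendor protocols, yet the table in the next hunk still carries the Extreme Discovery Protocol entry, and the commit message lists Cisco ISL and the CDP family as still dropped. Keep a sentence saying the list includes vendor protocols so the comment matches what the function returns. Dropping "multicast" is right, since 00:e0:2b:... is not a multicast address.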
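Review bot: the IEEE reserved entry left as context at the top of the second lib/packets.c hunk reads {0x01, 0x08, 0xc2, 0x00, 0x00, 0x00}, while the vswitch.xml context in this same patch documents 01:80:c2:00:00:0x. The second byte looks transposed; with 0x08, frames sent to the 802.1D reserved range 01:80:c2:00:00:0x never match this entry and are forwarded even when forward-bpdu is false. Since the hunk already edits this table, change the byte to 0x80 here and correct the matching 01:08:c2 in the commit message.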
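Review bot: in the vswitch.xml hunk, the list that remains after the deletions runs from 01:80:c2:00:00:0x straight to 01:00:0c:cc:cc:cc, with no entry for the Extreme Discovery Protocol range that eth_addr_is_reserved() still matches (the gap Mehak points out in this thread). The function's comment asks for vswitch.xml to be updated alongside it, so add a dt/dd pair for 00:e0:2b:00:0x:xx in this hunk, unless one already exists outside the visible context.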
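Ben Basler's point about the EDP range, as an added example that is not OVS code: the value/mask pair shown in the patch context matches every 00:e0:2b:00:0x:xx address, including the ESRP addresses ending in 02 and 08, while an exact list of the 00/04/06 addresses he names does not. The function names `masked_match` and `edp_exact_match` are hypothetical, and reading "ending with 00/04/06" as 00:e0:2b:00:00:00, :04 and :06 is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ADDR_LEN 6

/* Value/mask pair copied from the Extreme Discovery Protocol entry in the
 * patch context: matches 00:e0:2b:00:0x:xx. */
static const uint8_t edp_value[ETH_ADDR_LEN] = {0x00, 0xe0, 0x2b, 0x00, 0x00, 0x00};
static const uint8_t edp_mask[ETH_ADDR_LEN]  = {0xff, 0xff, 0xff, 0xff, 0xf0, 0x00};

/* Masked comparison: true if 'ea' equals 'value' on every bit set in 'mask'. */
static bool
masked_match(const uint8_t ea[ETH_ADDR_LEN], const uint8_t value[ETH_ADDR_LEN],
             const uint8_t mask[ETH_ADDR_LEN])
{
    for (int i = 0; i < ETH_ADDR_LEN; i++) {
        if ((ea[i] & mask[i]) != (value[i] & mask[i])) {
            return false;
        }
    }
    return true;
}

/* Hypothetical narrower check following the review comment (assumption):
 * drop only 00:e0:2b:00:00:00, :04 and :06; let :02 and :08 (ESRP) pass. */
static bool
edp_exact_match(const uint8_t ea[ETH_ADDR_LEN])
{
    static const uint8_t prefix[5] = {0x00, 0xe0, 0x2b, 0x00, 0x00};
    if (memcmp(ea, prefix, sizeof prefix) != 0) {
        return false;
    }
    return ea[5] == 0x00 || ea[5] == 0x04 || ea[5] == 0x06;
}

int
main(void)
{
    /* Constructed sample addresses: the last byte takes each value named
     * in the thread. */
    static const uint8_t last[] = {0x00, 0x02, 0x04, 0x06, 0x08};
    for (size_t i = 0; i < sizeof last; i++) {
        uint8_t ea[ETH_ADDR_LEN] = {0x00, 0xe0, 0x2b, 0x00, 0x00, last[i]};
        printf("00:e0:2b:00:00:%02x  mask=%d  exact=%d\n", last[i],
               masked_match(ea, edp_value, edp_mask), edp_exact_match(ea));
    }
    return 0;
}
```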