The datapath doesn't carry over tunnel metadata between input and output because such an operation doesn't generally make sense. In order to keep the flow information in sync, userspace needs to do this as well. However, userspace was clearing out only the base flow, which means that it later generated an action with the original tunnel metadata. If a packet is both being sent and received on a tunnel then this will cause the output tunnel's configuration to be overriden with incorrect information. This was recently exposed when the ability to interpret tunnel metadata was added to userspace.
Reported-by: Anand Krishnamurthy <[email protected]> Reported-by: Saul St. John <[email protected]> Signed-off-by: Jesse Gross <[email protected]> --- ofproto/ofproto-dpif.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index d5155cf..58a1690 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -6080,8 +6080,8 @@ action_xlate_ctx_init(struct action_xlate_ctx *ctx, { ctx->ofproto = ofproto; ctx->flow = *flow; + memset(&ctx->flow.tunnel, 0, sizeof ctx->flow.tunnel); ctx->base_flow = ctx->flow; - memset(&ctx->base_flow.tunnel, 0, sizeof ctx->base_flow.tunnel); ctx->base_flow.vlan_tci = initial_tci; ctx->rule = rule; ctx->packet = packet; -- 1.7.9.5 _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
