It would seem that we should set the 'tun_dst' in 'wc' when calling
tnl_port_should_receive(), as it is reading that flow field.
However, tnl_port_should_receive() returns true, if the flow has
tunnel metadata. If there is no tunnel metadata, then there is
nothing to mask, so we do not set the 'ip_dst' field in the 'wc' if
this test fails, even though we used that field to determine the
non-presence of the tunnel metadata.
Datapath flow matching ensures that a key that does not include tunnel
metadata cannot match a tunneled packet.
Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com>
---
ofproto/tunnel.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/ofproto/tunnel.c b/ofproto/tunnel.c
index 336b810..27725cd 100644
--- a/ofproto/tunnel.c
+++ b/ofproto/tunnel.c
@@ -302,8 +302,8 @@ tnl_ecn_ok(const struct flow *base_flow, struct flow *flow,
struct flow_wildcards *wc)
{
if (is_ip_any(base_flow)) {
- wc->masks.nw_tos |= IP_ECN_MASK;
if ((flow->tunnel.ip_tos & IP_ECN_MASK) == IP_ECN_CE) {
+ wc->masks.nw_tos |= IP_ECN_MASK;
if ((base_flow->nw_tos & IP_ECN_MASK) == IP_ECN_NOT_ECT) {
VLOG_WARN_RL(&rl, "dropping tunnel packet marked ECN CE"
" but is not ECN capable");
@@ -326,6 +326,13 @@ bool
tnl_xlate_init(const struct flow *base_flow, struct flow *flow,
struct flow_wildcards *wc)
{
+ /* tnl_port_should_receive() returns true, if the flow has tunnel
+ * metadata. If there is no tunnel metadata, then there is nothing to
+ * mask, so we do not set the 'ip_dst' field in the 'wc' if this test
+ * fails, even though we used that field to determine the non-presence of
+ * the tunnel metadata. Datapath flow matching ensures that a key that
+ * does not include tunnel metadata cannot match a tunneled packet. */
+
if (tnl_port_should_receive(flow)) {
wc->masks.tunnel.tun_id = OVS_BE64_MAX;
wc->masks.tunnel.ip_src = OVS_BE32_MAX;
--
1.7.10.4
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
