Upon further research I think I was wrong about this, and we actually need to unwildcard the ‘tun_dst’ bits to prevent tunneled packets matching on non-tunneled flows.
I’ll send a revised patch soon. Jarno On Apr 9, 2014, at 1:38 PM, Ben Pfaff <b...@nicira.com> wrote: > On Tue, Apr 08, 2014 at 04:38:52PM -0700, Jarno Rajahalme wrote: >> It would seem that we should set the 'tun_dst' in 'wc' when calling >> tnl_port_should_receive(), as it is reading that flow field. >> >> However, tnl_port_should_receive() returns true, if the flow has >> tunnel metadata. If there is no tunnel metadata, then there is >> nothing to mask, so we do not set the 'ip_dst' field in the 'wc' if >> this test fails, even though we used that field to determine the >> non-presence of the tunnel metadata. >> >> Datapath flow matching ensures that a key that does not include tunnel >> metadata cannot match a tunneled packet. >> >> Signed-off-by: Jarno Rajahalme <jrajaha...@nicira.com> > > Acked-by: Ben Pfaff <b...@nicira.com> _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
