[ovs-dev] [PATCH] ovn: Set critical bit in Geneve option.

Tue, 16 Aug 2016 13:59:41 -0700 

Currently the Geneve option type that OVN uses is 0, which in
Geneve marks this as non-critical. Non-critical means that if a
receiver does not recognize this option, it is free to ignore it
and continue processing the packet.

OVN uses its option to transmit things like input and output port
which are used to enforce security policies and direct packets to
their correct location. If the recipicient of a packet ignored this
information then it would likely be a security hole. This would seem
to qualify the option as critical.

There's no issue in an instance of OVN as currently written - the
receiver will always match on the option data. However, if a
theoretical future version that did not use this option was connected
or a third-party component was introduced then it's possible that this
might be accidentally ignored.

This patch changes the option type used by OVN to include the
critical bit to properly mark the intention. Obviously, this will
cause interoperability issues with any existing deployments but
it should be fine while OVN is still labeled as experimental.

Signed-off-by: Jesse Gross <je...@kernel.org>
---
 ovn/controller/physical.h  | 2 +-
 ovn/ovn-architecture.7.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ovn/controller/physical.h b/ovn/controller/physical.h
index 92680dc..28845b2 100644
--- a/ovn/controller/physical.h
+++ b/ovn/controller/physical.h
@@ -37,7 +37,7 @@ struct simap;
  *
  * Keep these in sync with the documentation in ovn-architecture(7). */
 #define OVN_GENEVE_CLASS 0x0102  /* Assigned Geneve class for OVN. */
-#define OVN_GENEVE_TYPE 0
+#define OVN_GENEVE_TYPE 0x80     /* Critical option. */
 #define OVN_GENEVE_LEN 4
 
 void physical_register_ovs_idl(struct ovsdb_idl *);
diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml
index 1a1bd39..de2a376 100644
--- a/ovn/ovn-architecture.7.xml
+++ b/ovn/ovn-architecture.7.xml
@@ -1180,7 +1180,7 @@
 
     <!-- Keep the following in sync with ovn/controller/physical.h. -->
     OVN transmits the logical ingress and logical egress ports in a TLV with
-    class 0x0102, type 0, and a 32-bit value encoded as follows, from MSB to
+    class 0x0102, type 0x80, and a 32-bit value encoded as follows, from MSB to
     LSB:
   </p>
 
-- 
2.7.4

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Reply via email to