On Tue, Aug 16, 2016 at 4:58 PM, Jesse Gross <je...@kernel.org> wrote:
> Currently the Geneve option type that OVN uses is 0, which in
> Geneve marks this as non-critical. Non-critical means that if a
> receiver does not recognize this option, it is free to ignore it
> and continue processing the packet.
>
> OVN uses its option to transmit things like input and output port
> which are used to enforce security policies and direct packets to
> their correct location. If the recipient of a packet ignored this
> information then it would likely be a security hole. This would seem
> to qualify the option as critical.
>
> There's no issue in an instance of OVN as currently written - the
> receiver will always match on the option data. However, if a
> theoretical future version that did not use this option was connected
> or a third-party component was introduced then it's possible that this
> might be accidentally ignored.
>
> This patch changes the option type used by OVN to include the
> critical bit to properly mark the intention. Obviously, this will
> cause interoperability issues with any existing deployments but
> it should be fine while OVN is still labeled as experimental.
>
> Signed-off-by: Jesse Gross <je...@kernel.org>
>

Thanks for the detailed explanation. That makes sense to me.

For master and 2.6:

Acked-by: Russell Bryant <russ...@ovn.org>

--
Russell Bryant
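Added example, not part of the original thread and not OVN or Open vSwitch code: a receiver-side walk over Geneve option TLVs showing why the critical bit matters for an option that carries policy data. The option class 0xFFFF, the payload bytes and the receiver's single "known" option are constructed placeholders; the layout assumed is the Geneve option header (16-bit class, 8-bit type with the high bit as the critical flag, 5-bit length in 4-byte words).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GENEVE_CRIT_OPT 0x80 /* high bit of the option type marks it critical */

enum verdict { ACCEPT, DROP_UNKNOWN_CRITICAL, DROP_MALFORMED };

/* The only option this hypothetical receiver implements (constructed values). */
static int is_known(uint16_t cls, uint8_t type) { return cls == 0x0001 && type == 0x01; }

/* Walk the option TLVs of one packet. *ignored counts the unrecognized
 * non-critical options that were skipped without any effect on forwarding. */
enum verdict check_options(const uint8_t *opts, size_t len, size_t *ignored)
{
    size_t off = 0;
    *ignored = 0;
    while (off < len) {
        if (len - off < 4)
            return DROP_MALFORMED;              /* truncated option header */
        uint16_t cls = (uint16_t)((opts[off] << 8) | opts[off + 1]);
        uint8_t type = opts[off + 2];
        size_t body = (size_t)(opts[off + 3] & 0x1f) * 4; /* length in 4-byte words */
        if (len - off - 4 < body)
            return DROP_MALFORMED;              /* body runs past the buffer */
        if (!is_known(cls, type)) {
            if (type & GENEVE_CRIT_OPT)
                return DROP_UNKNOWN_CRITICAL;   /* must not be ignored */
            (*ignored)++;                       /* free to ignore: data is lost */
        }
        off += 4 + body;
    }
    return ACCEPT;
}

/* Constructed samples: placeholder class 0xFFFF, 4 bytes of port data. */
const uint8_t opt_type_0[]  = { 0xFF, 0xFF, 0x00, 0x01, 0x00, 0x05, 0x00, 0x07 };
const uint8_t opt_type_80[] = { 0xFF, 0xFF, 0x80, 0x01, 0x00, 0x05, 0x00, 0x07 };
const uint8_t opt_short[]   = { 0xFF, 0xFF, 0x80, 0x02, 0x00, 0x05, 0x00, 0x07 };

int main(void)
{
    size_t n;
    printf("type 0x00: verdict %d\n", check_options(opt_type_0, sizeof opt_type_0, &n));
    printf("type 0x80: verdict %d\n", check_options(opt_type_80, sizeof opt_type_80, &n));
    printf("truncated: verdict %d\n", check_options(opt_short, sizeof opt_short, &n));
    return 0;
}
```

With type 0 the packet is accepted and the port data is silently skipped, which is the case the commit message describes; with the critical bit set the same receiver drops the packet instead.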