On Tue, Aug 16, 2016 at 2:04 PM, Russell Bryant <russ...@ovn.org> wrote:
>
> On Tue, Aug 16, 2016 at 4:58 PM, Jesse Gross <je...@kernel.org> wrote:
>>
>> Currently the Geneve option type that OVN uses is 0, which in
>> Geneve marks this as non-critical. Non-critical means that if a
>> receiver does not recognize this option, it is free to ignore it
>> and continue processing the packet.
>>
>> OVN uses its option to transmit things like input and output port
>> which are used to enforce security policies and direct packets to
>> their correct location. If the recipient of a packet ignored this
>> information then it would likely be a security hole. This would seem
>> to qualify the option as critical.
>>
>> There's no issue in an instance of OVN as currently written - the
>> receiver will always match on the option data. However, if a
>> theoretical future version that did not use this option was connected
>> or a third-party component was introduced then it's possible that this
>> might be accidentally ignored.
>>
>> This patch changes the option type used by OVN to include the
>> critical bit to properly mark the intention. Obviously, this will
>> cause interoperability issues with any existing deployments but
>> it should be fine while OVN is still labeled as experimental.
>>
>> Signed-off-by: Jesse Gross <je...@kernel.org>
>
>
> Thanks for the detailed explanation. That makes sense to me. For master
> and 2.6:
>
> Acked-by: Russell Bryant <russ...@ovn.org>

Thanks - I applied this to master and branch-2.6.
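The receiver behaviour discussed in this thread, as an added example that is not part of the thread or of the OVN/OVS code: a receiver that does not recognise an option skips it when the type is 0 but must drop the packet once the type carries the critical bit. The function name `check_options`, the option class `0xffff` and the option data bytes are constructed for illustration; the option header layout and the `0x80` critical bit follow the Geneve specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GENEVE_CRIT_OPT_TYPE 0x80   /* high bit of the 8-bit option type */

enum verdict { ACCEPT, DROP_UNKNOWN_CRITICAL, DROP_MALFORMED };

/* Constructed samples: class 0xffff and the data bytes are placeholders.
 * Layout per option: class(16) | type(8) | rsvd(3)+len(5, in 4-byte words). */
static const uint8_t opt_type_0x00[] = { 0xff, 0xff, 0x00, 0x01, 0, 1, 0, 2 };
static const uint8_t opt_type_0x80[] = { 0xff, 0xff, 0x80, 0x01, 0, 1, 0, 2 };

/* Hypothetical receiver that understands exactly one (class, type) pair.
 * Unknown non-critical options are skipped; unknown critical ones drop. */
static enum verdict
check_options(const uint8_t *opts, size_t len,
              uint16_t known_class, uint8_t known_type)
{
    size_t off = 0;

    while (off < len) {
        if (len - off < 4) {
            return DROP_MALFORMED;          /* truncated option header */
        }
        uint16_t opt_class = (uint16_t) (opts[off] << 8 | opts[off + 1]);
        uint8_t type = opts[off + 2];
        size_t data_len = (size_t) (opts[off + 3] & 0x1f) * 4;

        if (len - off - 4 < data_len) {
            return DROP_MALFORMED;          /* data runs past the buffer */
        }
        if ((opt_class != known_class || type != known_type)
            && (type & GENEVE_CRIT_OPT_TYPE)) {
            return DROP_UNKNOWN_CRITICAL;
        }
        off += 4 + data_len;
    }
    return ACCEPT;
}

int main(void)
{
    /* A receiver that only knows some other option (class 0x0001, type 1). */
    printf("type 0x00: %d\n", check_options(opt_type_0x00, 8, 0x0001, 0x01));
    printf("type 0x80: %d\n", check_options(opt_type_0x80, 8, 0x0001, 0x01));
    return 0;
}
```

With type 0 the unaware receiver returns `ACCEPT` and forwards the packet without ever looking at the port data; with the critical bit set the same receiver returns `DROP_UNKNOWN_CRITICAL`.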