Message ID | 20191203141121.464-1-roid@mellanox.com |
---|---|
State | Accepted |
Commit | 84dd881bb5be74b16b6177889394e99a49f6be90 |
Headers | show |
Series | [ovs-dev,v2] ofproto-dpif-xlate: Prevent duplicating of traffic to a mirror port | expand |
On Tue, Dec 03, 2019 at 04:11:21PM +0200, Roi Dayan wrote: > From: Dmytro Linkin <dmitrolin@mellanox.com> > > Currently ofproto design disallow duplicating output packet on forwarding > and mirroring to/from same ovs port. Next scenario reveal lack of design: > 1. Send ping between regular ovs ports (VFs, for ex.), stop it. > 2. While rule still exist, make mirror for one of the ports. > Prevent duplicating of traffic to a mirror port. > > Fixes: 86e2dcddce85 ("dpif-xlate: Snoop multicast packets and send them properly") > Signed-off-by: Dmytro Linkin <dmitrolin@mellanox.com> > Acked-by: Roi Dayan <roid@mellanox.com> Thanks, applied to master.
diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index 7e55575b183a..daf7fec80c9e 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -3118,6 +3118,13 @@ xlate_normal(struct xlate_ctx *ctx) if (mac_port) { struct xbundle *mac_xbundle = xbundle_lookup(ctx->xcfg, mac_port); + + if (mac_xbundle && xbundle_mirror_out(ctx->xbridge, mac_xbundle)) { + xlate_report(ctx, OFT_WARN, + "learned port is a mirror port, dropping"); + return; + } + if (mac_xbundle && mac_xbundle != in_xbundle && mac_xbundle->ofbundle != in_xbundle->ofbundle) {