From patchwork Wed May 29 09:54:04 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Anju Thomas <anju.thomas@ericsson.com>
X-Patchwork-Id: 1107043
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
	(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
	envelope-from=ovs-dev-bounces@openvswitch.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=ericsson.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=ericsson.com header.i=@ericsson.com
	header.b="QqfzWa3z"; dkim-atps=neutral
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
	[140.211.169.12])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 45DR1q1FcHz9s7h
	for <incoming@patchwork.ozlabs.org>;
	Wed, 29 May 2019 19:56:29 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
	by mail.linuxfoundation.org (Postfix) with ESMTP id 7A36323F7;
	Wed, 29 May 2019 09:56:25 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 0B50C23B9
	for <dev@openvswitch.org>; Wed, 29 May 2019 09:54:09 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from EUR04-VI1-obe.outbound.protection.outlook.com
	(mail-eopbgr80080.outbound.protection.outlook.com [40.107.8.80])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 397D06C5
	for <dev@openvswitch.org>; Wed, 29 May 2019 09:54:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com;
	s=selector2;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=ASmkVxA4IjPy3CK+HKYys12bNvE8p31eUIMq7EbXpX8=;
	b=QqfzWa3z5K+nPz0ZdFxgcMhP0hKjk2fPSVzPhlQDz+gvjafWm+YTlT+quMe0PkemV0dl1+1O9KNA4Chq7Y/kp9RGgR8oMXHyH1mcznAAsMhI/PlODz8kTdz8L2c0x/qZPk06VW1OViy9DQQDKkAh7wIA2Sj9aVvV3yzJJgxt6Mo=
Received: from AM0PR07MB4356.eurprd07.prod.outlook.com (52.133.59.31) by
	AM0PR07MB5763.eurprd07.prod.outlook.com (20.178.114.92) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.1943.14; Wed, 29 May 2019 09:54:04 +0000
Received: from AM0PR07MB4356.eurprd07.prod.outlook.com
	([fe80::2418:7f8:3e4e:7173]) by
	AM0PR07MB4356.eurprd07.prod.outlook.com
	([fe80::2418:7f8:3e4e:7173%6]) with mapi id 15.20.1943.016;
	Wed, 29 May 2019 09:54:04 +0000
From: Anju Thomas <anju.thomas@ericsson.com>
To: "dev@openvswitch.org" <dev@openvswitch.org>
Thread-Topic: [PATCH v1] Incorrect match criteria for in-band control rule
Thread-Index: AQHVFgRzAQp4YrbdkEeVyJISwg1Kxw==
Date: Wed, 29 May 2019 09:54:04 +0000
Message-ID: <1559152578-895-1-git-send-email-anju.thomas@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [125.16.213.150]
x-mailer: git-send-email 1.9.1
x-clientproxiedby: PN1PR01CA0114.INDPRD01.PROD.OUTLOOK.COM
	(2603:1096:c00::30)
	To AM0PR07MB4356.eurprd07.prod.outlook.com
	(2603:10a6:208:b6::31)
authentication-results: spf=none (sender IP is )
	smtp.mailfrom=anju.thomas@ericsson.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9f7fa8b7-1636-4c1e-33b2-08d6e41b959d
x-microsoft-antispam: BCL:0; PCL:0;
	RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020);
	SRVR:AM0PR07MB5763;
x-ms-traffictypediagnostic: AM0PR07MB5763:
x-microsoft-antispam-prvs: 
 <AM0PR07MB57638CEFEDEAC7203046B2739B1F0@AM0PR07MB5763.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0052308DC6
x-forefront-antispam-report: SFV:NSPM;
	SFS:(10009020)(366004)(396003)(39860400002)(136003)(376002)(346002)(189003)(199004)(476003)(66946007)(8676002)(2616005)(71200400001)(71190400001)(73956011)(6506007)(44832011)(53936002)(107886003)(2906002)(486006)(66556008)(66476007)(36756003)(66446008)(81156014)(6486002)(7736002)(55236004)(102836004)(64756008)(316002)(52116002)(6916009)(1730700003)(81166006)(66066001)(86362001)(256004)(305945005)(508600001)(6436002)(25786009)(4326008)(5660300002)(8936002)(50226002)(5640700003)(2501003)(3846002)(14454004)(6512007)(99286004)(186003)(26005)(68736007)(2351001)(6116002)(386003);
	DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB5763;
	H:AM0PR07MB4356.eurprd07.prod.outlook.com; FPR:; SPF:None;
	LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate
	permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 
 ZNbMyQ8oVfBNPt/a7hUp+KtZQB5A8T4Stq0FTf0rOIETu4WIA6yPv0W3u3pK8HOVP85qzTnxa2eldE2wFjt5zkdBcUadpKclJV7r6WAEwz5BvlqjqTsb2EWn0WHeDHBIxH1WZzwr+KdHzdUHtaUoaQP/Vs4AnDWZsj8TXIs/8Pwp3JMViW/CyRQhwv9Uodoat9oWgDmE4/2mZaCcTIWPnZqWroL2wv3pScJQ2UqUMMAf8y7aIoKyS35Dhj+CdZn9IS2y+3GChppVykJcevvEemfUwVIDe/z6cpew+RblH9MqKHrkQMz2ufVMW1wUjRgNhB6r/NHqiIIn78UuPByXKozKPKzMo9WYnmYPNKOtCvUrKQ+TycRR3axQD0/ILRaLnV12s307sjSSVJMOvG2syf3wCBx8qnhTqBTNLidonlM=
Content-ID: <C4704DB805082C49BAD51C1680040416@eurprd07.prod.outlook.com>
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 9f7fa8b7-1636-4c1e-33b2-08d6e41b959d
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 May 2019 09:54:04.8434
	(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: anju.thomas@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB5763
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: Anju Thomas <anju.thomas@ericsson.com>
Subject: [ovs-dev] [PATCH v1] Incorrect match criteria for in-band control
	rule
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org

As part of in-band control, OVS  is expected to send DHCP server replies to the LOCAL port as well. In this case, OVS implicitly adds an additional action to output to the bridge’s LOCAL port after the ofproto translation for the packet is completed in the ofproto layer but before sending the actions to datapath for installation.
However, the match criteria is unchanged and as a result all packets (not just DHCP server replies) are also sent to the LOCAL port.
The fix is to add the IP protocol type (UDP), the UDP source and destination ports to the match criteria so that a specific datapath flow that matches only DHCP server replies is installed. As a result, only DHCP server reply packets will be sent to the LOCAL port.

Signed-off-by: Anju Thomas <anju.thomas@ericsson.com>
---
 ofproto/ofproto-dpif-xlate.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c
index ae8b999..04d69ed 100644
--- a/ofproto/ofproto-dpif-xlate.c
+++ b/ofproto/ofproto-dpif-xlate.c
@@ -7584,6 +7584,10 @@ xlate_actions(struct xlate_in *xin, struct xlate_out *xout)
             && xbridge->has_in_band
             && in_band_must_output_to_local_port(flow)
             && !actions_output_to_local_port(&ctx)) {
+            WC_MASK_FIELD(ctx.wc, nw_proto);
+            WC_MASK_FIELD(ctx.wc, tp_src);
+            WC_MASK_FIELD(ctx.wc, tp_dst);
+            WC_MASK_FIELD(ctx.wc, dl_type);
             compose_output_action(&ctx, OFPP_LOCAL, NULL, false, false);
         }