From patchwork Sun Nov 3 09:11:53 2019
X-Patchwork-Submitter: Roi Dayan
X-Patchwork-Id: 1188525
From: Roi Dayan
To: dev@openvswitch.org
Cc: Simon Horman, Dmytro Linkin
Date: Sun, 3 Nov 2019 11:11:53 +0200
Message-Id: <20191103091153.212675-1-roid@mellanox.com>
Subject: [ovs-dev] [PATCH] ofproto-dpif-xlate: Prevent duplicating of traffic to a mirror port

From: Dmytro Linkin

Currently the ofproto design disallows duplicating an output packet on
forwarding and mirroring to/from the same ovs port. The next scenario
reveals a lack in the design:
1. Send a ping between regular ovs ports (VFs, for example), then stop it.
2. While the rule still exists, make a mirror for one of the ports.

Prevent duplicating of traffic to a mirror port.

Fixes: 86e2dcddce85 ("dpif-xlate: Snoop multicast packets and send them properly")
Signed-off-by: Dmytro Linkin
Acked-by: Roi Dayan
--- ofproto/ofproto-dpif-xlate.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index f92cb62c80ce..935a44dd07c2 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c 
@@ -3118,6 +3118,19 @@ xlate_normal(struct xlate_ctx *ctx) if (mac_port) { struct xbundle *mac_xbundle = xbundle_lookup(ctx->xcfg, mac_port); + + /* Drop frames if output port is a mirror port. */ + if (mac_xbundle && xbundle_mirror_out(ctx->xbridge, mac_xbundle)) { + if (ctx->xin->packet != NULL) { + xlate_report_error(ctx, "dropping packet received on port %s, " + "which is reserved exclusively for mirroring", + mac_xbundle->name); + } + xlate_report(ctx, OFT_WARN, + "output port is a mirror port, dropping"); + return; + } + if (mac_xbundle && mac_xbundle != in_xbundle && mac_xbundle->ofbundle != in_xbundle->ofbundle) {
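Review bot: The xlate_report_error() text in the new block says "dropping packet received on port %s" but is given mac_xbundle->name, which is the learned destination bundle and not the ingress bundle (in_xbundle). The log line will therefore name a port the packet never arrived on, which misleads anyone using it to trace why traffic was dropped. The block's own comment and the following xlate_report() both describe it as the output port, so the error should say something like "dropping packet destined to port %s, which is reserved exclusively for mirroring". When ctx->xin->packet is non-NULL the same drop is also reported twice, once as an error and once as OFT_WARN; consider keeping only one of them. The commit message does not explain how a flow toward a port that later becomes a mirror output relates to the multicast snooping commit named in the Fixes tag, and a sentence on that would help backporters.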