From patchwork Tue Aug 16 20:58:45 2016
X-Patchwork-Submitter: Jesse Gross
X-Patchwork-Id: 659833
From: Jesse Gross
To: dev@openvswitch.org
Date: Tue, 16 Aug 2016 13:58:45 -0700
Message-Id: <1471381125-77810-1-git-send-email-jesse@kernel.org>
Subject: [ovs-dev] [PATCH] ovn: Set critical bit in Geneve option.

Currently the Geneve option type that OVN uses is 0, which in Geneve marks this as non-critical. Non-critical means that if a receiver does not recognize this option, it is free to ignore it and continue processing the packet.

OVN uses its option to transmit things like input and output port which are used to enforce security policies and direct packets to their correct location. If the recipient of a packet ignored this information then it would likely be a security hole. This would seem to qualify the option as critical.

There's no issue in an instance of OVN as currently written - the receiver will always match on the option data.
However, if a theoretical future version that did not use this option was connected or a third-party component was introduced then it's possible that this might be accidentally ignored. This patch changes the option type used by OVN to include the critical bit to properly mark the intention. Obviously, this will cause interoperability issues with any existing deployments but it should be fine while OVN is still labeled as experimental. Signed-off-by: Jesse Gross Acked-by: Russell Bryant --- ovn/controller/physical.h | 2 +- ovn/ovn-architecture.7.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ovn/controller/physical.h b/ovn/controller/physical.h index 92680dc..28845b2 100644 --- a/ovn/controller/physical.h +++ b/ovn/controller/physical.h @@ -37,7 +37,7 @@ struct simap; * * Keep these in sync with the documentation in ovn-architecture(7). */ #define OVN_GENEVE_CLASS 0x0102 /* Assigned Geneve class for OVN. */ -#define OVN_GENEVE_TYPE 0 +#define OVN_GENEVE_TYPE 0x80 /* Critical option. */ #define OVN_GENEVE_LEN 4 void physical_register_ovs_idl(struct ovsdb_idl *); diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml index 1a1bd39..de2a376 100644 --- a/ovn/ovn-architecture.7.xml +++ b/ovn/ovn-architecture.7.xml @@ -1180,7 +1180,7 @@ OVN transmits the logical ingress and logical egress ports in a TLV with - class 0x0102, type 0, and a 32-bit value encoded as follows, from MSB to + class 0x0102, type 0x80, and a 32-bit value encoded as follows, from MSB to LSB:
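
Review bot: On the OVN_GENEVE_TYPE line in ovn/controller/physical.h, the comment "Critical option." does not say that 0x80 is the critical bit set over type number 0, so a later reader cannot tell the flag from the type value. Consider spelling that out in the comment, or composing the value from a named critical-bit constant and the type number. The commit message also says this breaks interoperability with existing deployments, but the diffstat touches only physical.h and ovn-architecture.7.xml; a user-visible upgrade note alongside the change would help.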
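
Review bot: In the ovn-architecture.7.xml hunk, "type 0x80" appears without any mention that the high bit marks the option as critical, which is the reason for the change. Suggest wording such as "type 0x80 (type 0 with the critical bit set)", plus a sentence on how a receiver that does not recognize the option should treat the packet, since the commit message explains this but the manpage text shown does not.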
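
The receiver-side behaviour the commit message describes, as an added example that is not part of the patch or of OVS: a hypothetical receiver walks the Geneve options area and drops the packet when it meets an unrecognized option whose type has the critical bit set. The `receiver` struct, function name, the third-party class value and the sample option bytes are constructed for illustration; only class 0x0102 and types 0 and 0x80 come from the patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GENEVE_CRIT_OPT 0x80            /* high bit of the 8-bit option type */

enum verdict { ACCEPT, DROP };

/* Hypothetical receiver that understands exactly one (class, type) pair. */
struct receiver { uint16_t known_class; uint8_t known_type; };

/* Constructed samples: class 0x0102, length 1 (x4 bytes), 32-bit value. */
static const uint8_t opt_type0[]  = { 0x01, 0x02, 0x00, 0x01, 0, 0x00, 0x05, 0x07 };
static const uint8_t opt_type80[] = { 0x01, 0x02, 0x80, 0x01, 0, 0x00, 0x05, 0x07 };

static const struct receiver ovn_like    = { 0x0102, 0x80 };
static const struct receiver third_party = { 0xFFF0, 0x00 };  /* constructed */

/* Walk the options area; each option is a 4-byte header plus len*4 data. */
enum verdict check_options(const struct receiver *r,
                           const uint8_t *opts, size_t len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 4)
            return DROP;                          /* truncated option header */
        uint16_t cls = (uint16_t)((opts[off] << 8) | opts[off + 1]);
        uint8_t type = opts[off + 2];
        size_t data_len = (size_t)(opts[off + 3] & 0x1f) * 4;
        if (len - off - 4 < data_len)
            return DROP;                          /* data runs past the area */
        int known = cls == r->known_class && type == r->known_type;
        if (!known && (type & GENEVE_CRIT_OPT))
            return DROP;                          /* unknown critical option */
        /* Unknown non-critical options are skipped: with type 0 the port
         * information is silently ignored by a receiver that lacks it. */
        off += 4 + data_len;
    }
    return ACCEPT;
}

int main(void)
{
    printf("third party, type 0:    %d\n",
           check_options(&third_party, opt_type0, sizeof opt_type0));
    printf("third party, type 0x80: %d\n",
           check_options(&third_party, opt_type80, sizeof opt_type80));
    return 0;
}
```

The example checks only the per-option critical bit; it does not model the rest of the Geneve header.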