From: Dmytro Linkin <dmitro...@mellanox.com> Currently ofproto design disallow duplicating output packet on forwarding and mirroring to/from same ovs port. Next scenario reveal lack of design: 1. Send ping between regular ovs ports (VFs, for ex.), stop it. 2. While rule still exist, make mirror for one of the ports. Prevent duplicating of traffic to a mirror port.
Fixes: 86e2dcddce85 ("dpif-xlate: Snoop multicast packets and send them properly") Signed-off-by: Dmytro Linkin <dmitro...@mellanox.com> Acked-by: Roi Dayan <r...@mellanox.com> --- ofproto/ofproto-dpif-xlate.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index f92cb62c80ce..935a44dd07c2 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -3118,6 +3118,19 @@ xlate_normal(struct xlate_ctx *ctx) if (mac_port) { struct xbundle *mac_xbundle = xbundle_lookup(ctx->xcfg, mac_port); + + /* Drop frames if output port is a mirror port. */ + if (mac_xbundle && xbundle_mirror_out(ctx->xbridge, mac_xbundle)) { + if (ctx->xin->packet != NULL) { + xlate_report_error(ctx, "dropping packet received on port %s, " + "which is reserved exclusively for mirroring", + mac_xbundle->name); + } + xlate_report(ctx, OFT_WARN, + "output port is a mirror port, dropping"); + return; + } + if (mac_xbundle && mac_xbundle != in_xbundle && mac_xbundle->ofbundle != in_xbundle->ofbundle) { -- 2.8.4 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev