On 7/20/23 16:46, Aaron Conole wrote:
> Mike Pattrick <[email protected]> writes:
>
>> Currently OVS keeps track of which mirrors that each packet has been
>> sent to for the purpose of deduplication. However, this doesn't consider
>> that openflow rules can make significant changes to packets after
>> ingress.
>>
>> For example, OVN can create OpenFlow rules that turn an echo request
>> into an echo response by flipping source/destination addresses and
>> setting the ICMP type to Reply. When a mirror is configured, only the
>> request gets mirrored even though a response is received.
>>
>> This can cause a false impression of the actual traffic on wire if
>> someone inspects the mirror and doesn't see an echo reply even though
>> one has been sent.
>>
>> This patch resets the mirrors every time a packet is modified, so
>> mirrors will receive every copy of a packet that is sent for output.
>>
>> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2155579
>> Signed-off-by: Mike Pattrick <[email protected]>
>>
>> ---
>
> Acked-by: Aaron Conole <[email protected]>

Thanks, Mike, Eelco and Aaron! Applied and backported down to 2.17.

Best regards, Ilya Maximets.
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
