This patch loosens the restrictions surrounding push and pop MPLS actions
such that they will be allowed after a pop VLAN action if the inner
ethernet type is acceptable for pop and push MPLS actions. This implies
that there is only one VLAN tag present.
Some analysis of logic of this change is as follows:
The purpose of tracking vlan_tci is to allow prohibition of push
and pop MPLS actions in the presence of a VLAN. In this scenario
the VLAN_TAG_PRESENT bit of vlan_tci is set and eth_type is that of
the packet with the outermost VLAN tag removed.
A pop VLAN action may clear vlan_tci as it removes the outermost
VLAN tag and the push and pop MPLS logic may rely on eth_type for
their prohibition logic.
This will not allow push and pop MPLS on packets with multiple VLAN
tags, regardless of if they are all remove using POP VLAN, as there
is no mechanism to expose the inner ethernet type beyond that of
the outermost VLAN tag.
Suggested-by: Jesse Gross <jgross@nicira.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
}
case OVS_ACTION_ATTR_POP_VLAN:
+ vlan_tci = htons(0);
break;
case OVS_ACTION_ATTR_PUSH_VLAN:
return -EINVAL;
/* Prohibit push MPLS other than to a white list
* for packets that have a known tag order.
- *
- * vlan_tci indicates that the packet at one
- * point had a VLAN. It may have been subsequently
- * removed using pop VLAN so this rule is stricter
- * than necessary. This is because it is not
- * possible to know if a VLAN is still present
- * after a pop VLAN action. */
+ */
if (vlan_tci & htons(VLAN_TAG_PRESENT) ||
(eth_type != htons(ETH_P_IP) &&
eth_type != htons(ETH_P_IPV6) &&