@@ -937,7 +937,10 @@ static inline bool is_nd(const struct flow *flow,
memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
}
return (flow->tp_src == htons(ND_NEIGHBOR_SOLICIT) ||
- flow->tp_src == htons(ND_NEIGHBOR_ADVERT));
+ flow->tp_src == htons(ND_NEIGHBOR_ADVERT) ||
+ flow->tp_src == htons(ND_ROUTER_SOLICIT) ||
+ flow->tp_src == htons(ND_ROUTER_ADVERT) ||
+ flow->tp_src == htons(ND_REDIRECT));
}
return false;
}
@@ -879,7 +879,9 @@ nxm_put_ip(struct ofpbuf *b, const struct match *match, enum ofp_version oxm)
nxm_put_8(b, MFF_ICMPV6_CODE, oxm,
ntohs(flow->tp_dst));
}
- if (is_nd(flow, NULL)) {
+ if (is_nd(flow, NULL)
+ && (flow->tp_src == htons(ND_NEIGHBOR_SOLICIT)
+ || flow->tp_src == htons(ND_NEIGHBOR_ADVERT))) {
nxm_put_ipv6(b, MFF_ND_TARGET, oxm,
&flow->nd_target, &match->wc.masks.nd_target);
if (flow->tp_src == htons(ND_NEIGHBOR_SOLICIT)) {
@@ -4429,6 +4429,8 @@ odp_flow_key_from_flow__(const struct odp_flow_key_parms *parms,
icmpv6_key->icmpv6_code = ntohs(data->tp_dst);
if (is_nd(flow, NULL)
+ && (flow->tp_src == htons(ND_NEIGHBOR_SOLICIT)
+ || flow->tp_src == htons(ND_NEIGHBOR_ADVERT))
/* Even though 'tp_src' and 'tp_dst' are 16 bits wide, ICMP
* type and code are 8 bits wide. Therefore, an exact match
* looks like htons(0xff), not htons(0xffff). See
@@ -4963,7 +4965,9 @@ parse_l2_5_onward(const struct nlattr *attrs[OVS_KEY_ATTR_MAX + 1],
flow->tp_src = htons(icmpv6_key->icmpv6_type);
flow->tp_dst = htons(icmpv6_key->icmpv6_code);
expected_bit = OVS_KEY_ATTR_ICMPV6;
- if (is_nd(src_flow, NULL)) {
+ if (is_nd(src_flow, NULL)
+ && (src_flow->tp_src == htons(ND_NEIGHBOR_SOLICIT)
+ || src_flow->tp_src == htons(ND_NEIGHBOR_ADVERT))) {
if (!is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_ND;
}
@@ -1355,11 +1355,13 @@ static void
pinctrl_handle_nd_na(const struct flow *ip_flow, const struct match *md,
struct ofpbuf *userdata)
{
- /* This action only works for IPv6 ND packets, and the switch should only
- * send us ND packets this way, but check here just to be sure. */
- if (!is_nd(ip_flow, NULL)) {
+ /* This action only works for IPv6 ND Neighbor Solicitation packets,
+ * and the switch should only send us such packets this way, but check
+ * here just to be sure. */
+ if (!is_nd(ip_flow, NULL)
+ || ip_flow->tp_src != htons(ND_NEIGHBOR_SOLICIT)) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "NA action on non-ND packet");
+ VLOG_WARN_RL(&rl, "NA action on non-ND-NS packet");
return;
}
From: Zongkai LI <zealokii@gmail.com> This patch updates method "is_nd" to let type ND_ROUTER_SOLICIT, ND_ROUTER_ADVERT, ND_REDIRECT can be recoginzed. --- lib/flow.h | 5 ++++- lib/nx-match.c | 4 +++- lib/odp-util.c | 6 +++++- ovn/controller/pinctrl.c | 10 ++++++---- 4 files changed, 18 insertions(+), 7 deletions(-)