@@ -1342,10 +1342,6 @@ nd_na {
<p>
These flows should not match IP fragments with nonzero offset.
</p>
-
- <p>
- Details TBD. Not yet implemented.
- </p>
</li>
<li>
@@ -5179,6 +5179,23 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
"next; };");
ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
ds_cstr(&match), ds_cstr(&actions));
+
+ ds_clear(&match);
+ ds_clear(&actions);
+
+ ds_put_format(&match,
+ "ip4 && ip4.dst == %s && !ip.later_frag",
+ op->lrp_networks.ipv4_addrs[i].addr_s);
+ ds_put_format(&actions,
+ "icmp4 {"
+ "eth.dst <-> eth.src; "
+ "ip4.dst <-> ip4.src; "
+ "ip.ttl = 255; "
+ "icmp4.type = 3; "
+ "icmp4.code = 2; "
+ "next; };");
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 70,
+ ds_cstr(&match), ds_cstr(&actions));
}
ds_clear(&match);
@@ -10444,6 +10444,7 @@ OVN_POPULATE_ARP
ovn-nbctl --wait=hv sync
test_ip_packet 1 1 000000000001 00000000ff01 $(ip_to_hex 192 168 1 1) $(ip_to_hex 192 168 1 254) 11 0000 7dae fcfc 0303
+test_ip_packet 1 1 000000000001 00000000ff01 $(ip_to_hex 192 168 1 1) $(ip_to_hex 192 168 1 254) 84 0000 7dae fcfd 0302
OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [vif1.expected])
test_tcp_syn_packet 2 2 000000000002 00000000ff02 $(ip_to_hex 192 168 2 1) $(ip_to_hex 192 168 2 254) 0000 8b40 3039 0000 7bae 4486
Add priority-70 flows to generate ICMP protocol unreachable messages in reply to packets directed to the router's IP address on IP protocols other than UDP, TCP, and ICMP Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> --- ovn/northd/ovn-northd.8.xml | 4 ---- ovn/northd/ovn-northd.c | 17 +++++++++++++++++ tests/ovn.at | 1 + 3 files changed, 18 insertions(+), 4 deletions(-)