From patchwork Fri Jul 6 16:12:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 940593 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41MfsZ2qKVz9s4V for ; Sat, 7 Jul 2018 02:13:22 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id DFA56D1F; Fri, 6 Jul 2018 16:12:29 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id D982DCFE for ; Fri, 6 Jul 2018 16:12:28 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 523DD124 for ; Fri, 6 Jul 2018 16:12:28 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id 69-v6so14885328wmf.3 for ; Fri, 06 Jul 2018 09:12:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=EyBQ02ZX+7Wp2S1RtUIo7TIkb2TKW5IDzgzVl8EcIMo=; b=tpmFLqx0hgy56vss9XmtTM7DZs0teQveet4Cp0joCvXD72jFvMiaiSsXfy7By5hOhq oXpG7zh63v82rCVNAaZWuxF7xlGPRYsU6rssxgStO92HnPL2z5p0jyJEY3gzaJYnSTpT fzo/HtF+dTn0Mta6ysXJ9xLQn7fXz2UqYLqmNtmAsX+/Ow4RuQJI2ud1eYVunfTDhYgD SWJSNGs8fVXwG8kpF97y+lGe9fMDxBrUpC/gnQ8Uv79bgNwyGwXQj/hU4M3ejf+j6N82 KErWQUngOR5uzB6Ymr6kOh1IhNVNhpEpH7cAUw4bRv6n5AVPms+ugU0SGYGtwi6nyzK5 Qw7w== X-Gm-Message-State: APt69E3Sw5hYyV53X1x9poqkHeydMx1X+dF+d7zDF8KryxhSXT0+9apK 5qp0ux1F2iWn0RHB3xPZE6JGozFRHrg= X-Google-Smtp-Source: AAOMgpexGb7VRwQYQxs9pD+EMx7E84ZyhHQny+z0EuDm+TQlbf4DF9aSUyxAJJkgf/NDiDKmCaEwRg== X-Received: by 2002:a1c:20cb:: with SMTP id g194-v6mr7345277wmg.102.1530893546769; Fri, 06 Jul 2018 09:12:26 -0700 (PDT) Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com. [149.6.153.186]) by smtp.gmail.com with ESMTPSA id c18-v6sm12582055wrq.17.2018.07.06.09.12.26 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 06 Jul 2018 09:12:26 -0700 (PDT) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Fri, 6 Jul 2018 18:12:18 +0200 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH 2/2] OVN: add IPv6 address unreachable support to OVN router ports X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Add priority-70 flows to generate ICMPv6 address unreachable messages in reply to IPv6 packets directed to the router's IP address on IP protocols other than UDP, TCP, and ICMP Signed-off-by: Lorenzo Bianconi --- ovn/northd/ovn-northd.8.xml | 5 +++-- ovn/northd/ovn-northd.c | 14 ++++++++++++++ tests/ovn.at | 1 + 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml index 08e0325a0..fa5e5f9d7 100644 --- a/ovn/northd/ovn-northd.8.xml +++ b/ovn/northd/ovn-northd.8.xml @@ -1339,8 +1339,9 @@ nd_na {

  • - Protocol unreachable. Priority-70 flows generate ICMP protocol - unreachable messages in reply to packets directed to the router's IP + Protocol or address unreachable. Priority-70 flows generate ICMP + protocol or address unreachable messages for IPv4 and IPv6 + respectively in reply to packets directed to the router's IP address on IP protocols other than UDP, TCP, and ICMP, except in the special case of gateways, which accept traffic directed to a router IP for load balancing purposes. diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index 912e0188d..1d1484687 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -5352,6 +5352,20 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, "next; };"; ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80, ds_cstr(&match), action); + + ds_clear(&match); + ds_put_format(&match, + "ip6 && ip6.dst == %s && !ip.later_frag", + op->lrp_networks.ipv6_addrs[i].addr_s); + action = "icmp6 {" + "eth.dst <-> eth.src; " + "ip6.dst <-> ip6.src; " + "ip.ttl = 255; " + "icmp6.type = 1; " + "icmp6.code = 3; " + "next; };"; + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 70, + ds_cstr(&match), action); } } diff --git a/tests/ovn.at b/tests/ovn.at index eac928fbb..48805ddb1 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -10495,6 +10495,7 @@ test_ip6_packet 1 1 000000000001 00000000ff01 20010db8000100000000000000000011 2 OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [vif1.expected]) test_tcp_syn_packet 2 2 000000000002 00000000ff02 $(ip_to_hex 192 168 2 1) $(ip_to_hex 192 168 2 254) 0000 8b40 3039 0000 7bae 4486 +test_ip6_packet 2 2 000000000002 00000000ff02 20010db8000200000000000000000011 20010db8000200000000000000000001 84 0004 01020304 0103 627e OVN_CHECK_PACKETS([hv2/vif2-tx.pcap], [vif2.expected]) OVN_CLEANUP([hv1], [hv2])