From patchwork Fri Aug 12 08:02:29 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zong Kai LI X-Patchwork-Id: 658546 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from archives.nicira.com (archives.nicira.com [96.126.127.54]) by ozlabs.org (Postfix) with ESMTP id 3s9cn075JWz9sdm for ; Fri, 12 Aug 2016 18:02:28 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b=bgIeli4M; dkim-atps=neutral Received: from archives.nicira.com (localhost [127.0.0.1]) by archives.nicira.com (Postfix) with ESMTP id 3AF8710D1D; Fri, 12 Aug 2016 01:02:28 -0700 (PDT) X-Original-To: dev@openvswitch.org Delivered-To: dev@openvswitch.org Received: from mx1e4.cudamail.com (mx1.cudamail.com [69.90.118.67]) by archives.nicira.com (Postfix) with ESMTPS id C89311055D for ; Fri, 12 Aug 2016 01:02:26 -0700 (PDT) Received: from bar5.cudamail.com (unknown [192.168.21.12]) by mx1e4.cudamail.com (Postfix) with ESMTPS id 5FEF01E05B4 for ; Fri, 12 Aug 2016 02:02:26 -0600 (MDT) X-ASG-Debug-ID: 1470988944-09eadd387f65d90001-byXFYA Received: from mx3-pf2.cudamail.com ([192.168.14.1]) by bar5.cudamail.com with ESMTP id AeBHJLoTxw0LkpCM (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 12 Aug 2016 02:02:24 -0600 (MDT) X-Barracuda-Envelope-From: zealokii@gmail.com X-Barracuda-RBL-Trusted-Forwarder: 192.168.14.1 Received: from unknown (HELO mail-it0-f66.google.com) (209.85.214.66) by mx3-pf2.cudamail.com with ESMTPS (AES128-SHA encrypted); 12 Aug 2016 08:02:23 -0000 Received-SPF: pass (mx3-pf2.cudamail.com: SPF record at _netblocks.google.com designates 209.85.214.66 as permitted sender) X-Barracuda-Apparent-Source-IP: 209.85.214.66 X-Barracuda-RBL-IP: 209.85.214.66 Received: by mail-it0-f66.google.com with SMTP id n191so512266ith.1 for ; Fri, 12 Aug 2016 01:02:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=YeWvstMsSK/hpLVZzCOidR2CplYqcqCyan09ydHEsYc=; b=bgIeli4MI6XhYPBCSWGW103igEB6AP1oyDMp1iEOCBm1Sgv3zeEdQMwNKR8Rh+DomX Lid3vRLC0R6QkTC9sCF7g2y7bHBAMiFJycks2nD6H85CWM6OR0xIiroDIhTI9WMVas1x 9QdAHtuBnGroil+Qtl+VVczej6aLwa8BgK5GqXeS4HPVHV5hhqM78AJEe8DuweOXSAvS ck4jUVgAx5s20Qn/B6ut7mG4kCDiBgKBOP9PsV6wV17pRQMMvlArPZGVi2/OxC9Q3aRb Oy1m4MJQpckTcz164K9oWzXvlo3iWFmLkNrF9nZhEWU4LVTHlxGqKFX/jaKr6iOvQwvF KNhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=YeWvstMsSK/hpLVZzCOidR2CplYqcqCyan09ydHEsYc=; b=b1/356/0tGe6d6Wg3Diiijf9eCa2E/phpL2i+2Xquoo3ZC4w4JzhiJ5y5AKos8hWVL 1F9V8lAp0k7FwzIBFCP4bXOlHbBRNOk6SOSgHYA5+wyoD176+leTUL8fXLLDZ45+Xu9H CS4Xru130cundHL3wkPCDf/4GWIkPZYfABetr1qX5LE92lyEURh4c7K47CmsM3t5+luG 3tz0ZyBAcermMYFUOhEIhyV3ifa3FpFrRhzQmDA/Oi3UYOP/rkOzvNGwv+aQrQUwvp/C cI9/cwDY61dv1uCy51AiIzqGhJ6QSfnMfzDtyMwrnQZq4kmFE4F+jUnummBka/cwYAqv snPQ== X-Gm-Message-State: AEkoous1yeewvWsuqolIEkMoZ12p9ignGWBKvD1nH1fSyDNxNw7rLlhHSTT7jg63+DUBlA== X-Received: by 10.36.206.129 with SMTP id v123mr1712679itg.11.1470988942506; Fri, 12 Aug 2016 01:02:22 -0700 (PDT) Received: from localhost.localdomain (rchp3.rochester.ibm.com. [129.42.161.35]) by smtp.gmail.com with ESMTPSA id c139sm613893itc.17.2016.08.12.01.02.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Aug 2016 01:02:22 -0700 (PDT) X-CudaMail-Envelope-Sender: zealokii@gmail.com From: Zongkai LI To: dev@openvswitch.org X-CudaMail-MID: CM-V2-811001048 X-CudaMail-DTE: 081216 X-CudaMail-Originating-IP: 209.85.214.66 Date: Fri, 12 Aug 2016 08:02:29 +0000 X-ASG-Orig-Subj: [##CM-V2-811001048##][ovs-dev] [PATCH RFC v3 3/3] ovn-northd: add RS responder for SLAAC Message-Id: <1470988949-30408-1-git-send-email-zealokii@gmail.com> X-Mailer: git-send-email 1.9.1 X-GBUdb-Analysis: 0, 209.85.214.66, Ugly c=0.308711 p=-0.3 Source Normal X-MessageSniffer-Rules: 0-0-0-32767-c X-Barracuda-Connect: UNKNOWN[192.168.14.1] X-Barracuda-Start-Time: 1470988944 X-Barracuda-Encrypted: DHE-RSA-AES256-SHA X-Barracuda-URL: https://web.cudamail.com:443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at cudamail.com X-Barracuda-BRTS-Status: 1 X-Barracuda-Spam-Score: 0.60 X-Barracuda-Spam-Status: No, SCORE=0.60 using global scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=4.0 tests=BSF_SC5_MJ1963, DKIM_SIGNED, RDNS_NONE X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.31956 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 DKIM_SIGNED Domain Keys Identified Mail: message has a signature 0.10 RDNS_NONE Delivered to trusted network by a host with no rDNS 0.50 BSF_SC5_MJ1963 Custom Rule MJ1963 Cc: LI Zong Kai Subject: [ovs-dev] [PATCH RFC v3 3/3] ovn-northd: add RS responder for SLAAC X-BeenThere: dev@openvswitch.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: dev-bounces@openvswitch.org Sender: "dev" From: LI Zong Kai This patch tries to implement Router Solicitation (RS) responder, which will reply Router Advertisement (RA) message, for SLAAC on ovn-northd side. It tries to build lflows per each Logical Router Port, who have IPv6 networks and set their 'slaac' column to true. The lflows will look like: match=(inport == "lrp-32a71e0b-8b19-4c52-8cde-058325e4df5d" && ip6.dst == ff02::2 && nd_rs) action=(nd_ra{slaac(fa:16:3e:62:f1:e6,1450,fd80:a123:b345::/64); outport = inport; flags.loopback = 1; output;};) while: - nd_rs is a new symbol stands for "icmp6.type == 133 && icmp6.code == 0 && ttl == 255" - slaac is a new action which accepts ordered parameter list: - MAC address: router port mac address, such as fa:16:3e:62:f1:e6. - MTU: logical switch MTU, such as 1450. - one or more IPv6 prefixes: such as fd80:a123:b345::/64. - nd_ra is a new action which will compose a RA packet per parameters in slaac, and eth.src and ip6.src from packet being processed. Logical_Router_Port.slaac column will only tell whether ovn should reply a RA packet for RS packet received from the lrp port. To reply a RA packet for other scenario will be a future work. --- ovn/lib/logical-fields.c | 4 +- ovn/northd/ovn-northd.c | 93 +++++++++++++++++++++++++++++++++++--- ovn/ovn-nb.ovsschema | 5 ++- ovn/ovn-nb.xml | 11 +++++ tests/ovn.at | 113 ++++++++++++++++++++++++++++++++++++++++++++++- 5 files changed, 216 insertions(+), 10 deletions(-) # Contradictionary prerequisites (allowed but not useful): ip4.src = ip6.src[0..31]; => actions=move:NXM_NX_IPV6_SRC[0..31]->NXM_OF_IP_SRC[], prereqs=eth.type == 0x800 && eth.type == 0x86dd @@ -4075,3 +4075,114 @@ AT_CHECK([cat received2.packets], [0], [expout]) OVN_CLEANUP([hv1]) AT_CLEANUP + +AT_SETUP([ovn -- ipv6 stateless address autoconfiguration]) +AT_KEYWORDS([ovn-slaac]) +AT_SKIP_IF([test $HAVE_PYTHON = no]) +ovn_start + +# In this test case we create 1 lswitch with 2 VIF ports attached +# with. Router solicitation packet we test, sent from VIF port, will be replied +# by local ovn-controller. + +# Create hypervisors and logical switch lsw0, logical router lr0, attach lsw0 +# onto lr0, set Logical_Router_Port.slaac column to 'true' to allow lrp0 send +# RA with SLAAC flags. +ovn-nbctl ls-add lsw0 +ovn-nbctl add logical-switch lsw0 other_config mtu=1450 +ovn-nbctl lr-add lr0 +ovn-nbctl lrp-add lr0 lrp0 fa:16:3e:32:3c:e0 fdad:a0f9:a012::1/64 +ovn-nbctl set Logical_Router_Port lrp0 slaac="true" +ovn-nbctl \ + -- lsp-add lsw0 lsp0 \ + -- set Logical_Switch_Port lsp0 type=router \ + options:router-port=lrp0 \ + addresses='"fa:16:3e:32:3c:e0 fdad:a0f9:a012::1"' +net_add n1 +sim_add hv1 +as hv1 +ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.2 + +# Add vif1 to hv1 and lsw0, turn on l2 port security on vif1. +ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1 options:tx_pcap=hv1/vif1-tx.pcap options:rxq_pcap=hv1/vif1-rx.pcap +ovn-nbctl lsp-add lsw0 lp1 +ovn-nbctl lsp-set-addresses lp1 "fa:16:3e:6e:a1:42 10.0.0.12 fdad:a0f9:a012:0:f816:3eff:fe6e:a142" +ovn-nbctl lsp-set-port-security lp1 "fa:16:3e:6e:a1:42 10.0.0.12 fdad:a0f9:a012:0:f816:3eff:fe6e:a142" + +# Add vif2 to hv1 and lsw0, turn on l2 port security on vif2. +ovs-vsctl add-port br-int vif2 -- set Interface vif2 external-ids:iface-id=lp2 options:tx_pcap=hv1/vif2-tx.pcap options:rxq_pcap=hv1/vif2-rx.pcap +ovn-nbctl lsp-add lsw0 lp2 +ovn-nbctl lsp-set-addresses lp2 "fa:16:3e:6e:b2:55 10.0.0.13 fdad:a0f9:a012:0:f816:3eff:fe6e:b255" +ovn-nbctl lsp-set-port-security lp2 "fa:16:3e:6e:b2:55 10.0.0.13 fdad:a0f9:a012:0:f816:3eff:fe6e:b255" + +# Add ACL rule for ICMPv6 on lsw0 +ovn-nbctl acl-add lsw0 from-lport 1002 'ip6 && icmp6' allow-related +ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp1" && ip6 && icmp6' allow-related +ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp2" && ip6 && icmp6' allow-related + +# Allow some time for ovn-northd and ovn-controller to catch up. +# XXX This should be more systematic. +sleep 1 + +# Given the name of a logical port, prints the name of the hypervisor +# on which it is located. +vif_to_hv() { + echo hv1${1%?} +} +trim_zeros() { + sed 's/\(00\)\{1,\}$//' +} +for i in 1 2; do + : > $i.expected +done + +# Complete Router Solicitation packet and Router Advertisement packet. +rs_packet=333300000002fa163e6ea14286dd6000000000103afffe80000000000000f8163efffe6ea142ff0200000000000000000000000000028500cb9e000000000101fa163e6ea142 +packet_l2=fa163e6ea142fa163e323ce086dd +packet_l3=6000000000403afffe80000000000000f8163efffe323ce0fe80000000000000f8163efffe6ea142 +packet_l4_hd_no_csum=860040002a300000000000000000 +sll_opt=0101fa163e323ce0 +mtu_opt=05010000000005aa +prefix_opt=030440c000002a3000002a3000000000fdada0f9a01200000000000000000000 +ra_packet=$packet_l2$packet_l3$packet_l4_hd_no_csum$sll_opt$mtu_opt$prefix_opt + +as hv1 ovs-appctl netdev-dummy/receive vif1 $rs_packet +echo $ra_packet | trim_zeros >> 1.expected + +sleep 1 + +# Extend lrp0 networks, update lp2 addresses and l2 port security. +ovn-nbctl add Logical_Router_Port lrp0 networks \"fdad:b123:d789::1/64\" +ovn-nbctl set Logical_Switch_Port lp2 addresses \"fa:16:3e:6e:b2:55 10.0.0.13 fdad:a0f9:a012:0:f816:3eff:fe6e:b255 fdad:b123:d789:0:f816:3eff:fe6e +ovn-nbctl set Logical_Switch_Port lp2 port-security \"fa:16:3e:6e:b2:55 10.0.0.13 fdad:a0f9:a012:0:f816:3eff:fe6e:b255 fdad:b123:d789:0:f816:3eff: +# Update Router solicitation packet for lp2. +rs_packet=333300000002fa163e6eb25586dd6000000000103afffe80000000000000f8163efffe6eb255ff0200000000000000000000000000028500cb9e000000000101fa163e6eb255 +# Router Advertisement packet should have a new prefix information option. +packet_l2=fa163e6eb255fa163e323ce086dd +packet_l3=6000000000603afffe80000000000000f8163efffe323ce0fe80000000000000f8163efffe6eb255 +new_prefix_opt=030440c000002a3000002a3000000000fdadb123d78900000000000000000000 +ra_packet=$packet_l2$packet_l3$packet_l4_hd_no_csum$sll_opt$mtu_opt$prefix_opt$new_prefix_opt + +as hv1 ovs-appctl netdev-dummy/receive vif2 $rs_packet +echo $ra_packet | trim_zeros >> 2.expected + +sleep 1 + +echo "------ hv1 dump ------" +as hv1 ovs-vsctl show +as hv1 ovs-ofctl -O OpenFlow13 show br-int +as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int + +for i in 1 2; do + file=hv1/vif$i-tx.pcap + echo $file + # Remove checksum to compare. + $PYTHON "$top_srcdir/utilities/ovs-pcap.in" $file | trim_zeros | cut -b 1-112,117- > $i.packets + cat $i.expected > expout + AT_CHECK([cat $i.packets], [0], [expout]) +done + +OVN_CLEANUP([hv1]) + +AT_CLEANUP diff --git a/ovn/lib/logical-fields.c b/ovn/lib/logical-fields.c index b906cf8..1152d9f 100644 --- a/ovn/lib/logical-fields.c +++ b/ovn/lib/logical-fields.c @@ -185,7 +185,9 @@ ovn_init_symtab(struct shash *symtab) expr_symtab_add_predicate(symtab, "nd_na", "icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255"); expr_symtab_add_field(symtab, "nd.target", MFF_ND_TARGET, "nd", false); - expr_symtab_add_field(symtab, "nd.sll", MFF_ND_SLL, "nd_ns", false); + expr_symtab_add_field(symtab, "nd.sll", MFF_ND_SLL, + "icmp6.type == {133, 134, 135} && " + "icmp6.code == 0 && ip.ttl == 255", false); expr_symtab_add_field(symtab, "nd.tll", MFF_ND_TLL, "nd_na", false); expr_symtab_add_predicate(symtab, "tcp", "ip.proto == 6"); diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index 861f872..5db7ad3 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -126,9 +126,10 @@ enum ovn_stage { PIPELINE_STAGE(ROUTER, IN, IP_INPUT, 1, "lr_in_ip_input") \ PIPELINE_STAGE(ROUTER, IN, UNSNAT, 2, "lr_in_unsnat") \ PIPELINE_STAGE(ROUTER, IN, DNAT, 3, "lr_in_dnat") \ - PIPELINE_STAGE(ROUTER, IN, IP_ROUTING, 4, "lr_in_ip_routing") \ - PIPELINE_STAGE(ROUTER, IN, ARP_RESOLVE, 5, "lr_in_arp_resolve") \ - PIPELINE_STAGE(ROUTER, IN, ARP_REQUEST, 6, "lr_in_arp_request") \ + PIPELINE_STAGE(ROUTER, IN, RS_RSP, 4, "lr_in_rs_rsp") \ + PIPELINE_STAGE(ROUTER, IN, IP_ROUTING, 5, "lr_in_ip_routing") \ + PIPELINE_STAGE(ROUTER, IN, ARP_RESOLVE, 6, "lr_in_arp_resolve") \ + PIPELINE_STAGE(ROUTER, IN, ARP_REQUEST, 7, "lr_in_arp_request") \ \ /* Logical router egress stages. */ \ PIPELINE_STAGE(ROUTER, OUT, SNAT, 0, "lr_out_snat") \ @@ -2579,6 +2580,32 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, ovn_lflow_add(lflows, od, S_SWITCH_IN_DHCP_RESPONSE, 0, "1", "next;"); } + /* Ingress table 12: Destination lookup, router solicitation handling + * (priority 110). */ + HMAP_FOR_EACH (od, key_node, datapaths) { + if (!od->nbs) { + continue; + } + + if (!od->n_router_ports) { + continue; + } + + ds_clear(&actions); + for (size_t i = 0; i != od->n_router_ports; i++) { + op = od->router_ports[i]; + if (!op->lsp_addrs || !op->lsp_addrs->n_ipv6_addrs) { + continue; + } + ds_put_format(&actions, "outport = %s; output; ", op->json_key); + } + if (actions.length != 0) { + ds_chomp(&actions, ' '); + ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 110, "nd_rs", + ds_cstr(&actions)); + } + } + /* Ingress table 12: Destination lookup, broadcast and multicast handling * (priority 100). */ HMAP_FOR_EACH (op, key_node, ports) { @@ -3406,7 +3433,61 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, "ip", "flags.loopback = 1; ct_dnat;"); } - /* Logical router ingress table 4: IP Routing. + /* Logical router ingress table 4: RS responder, by default goto next. + * (priority 0)*/ + HMAP_FOR_EACH (od, key_node, datapaths) { + if (!od->nbr) { + continue; + } + + ovn_lflow_add(lflows, od, S_ROUTER_IN_RS_RSP, 0, "1", "next;"); + } + + /* Logical router ingress table 4: RS responder, reply for 'slaac' enabled + * router port. (priority 50)*/ + HMAP_FOR_EACH (op, key_node, ports) { + if (!op->nbrp || op->nbrp->peer + || !op->peer + || !op->nbrp->slaac + || !*op->nbrp->slaac) { + continue; + } + + const char *mtu_s = smap_get(&op->peer->od->nbs->other_config, "mtu"); + if (!mtu_s) { + continue; + } + int mtu = atoi(mtu_s); + /* Per https://tools.ietf.org/html/rfc2460, consider 1280 as minimum + * valid MTU value for IPv6 on a logical switch. */ + if (mtu < 1280) { + continue; + } + ds_clear(&match); + ds_put_format(&match, "inport == %s", op->json_key); + ds_put_cstr(&match, " && ip6.dst == ff02::2 && nd_rs"); + ds_clear(&actions); + ds_put_format(&actions, "nd_ra{slaac(%s,", op->lrp_networks.ea_s); + ds_put_format(&actions, "%d,", mtu); + size_t actions_len = actions.length; + for (size_t i = 0; i != op->lrp_networks.n_ipv6_addrs; i++) { + if (in6_is_lla(&op->lrp_networks.ipv6_addrs[i].network)) { + continue; + } + ds_put_format(&actions, "%s/%u,", + op->lrp_networks.ipv6_addrs[i].network_s, + op->lrp_networks.ipv6_addrs[i].plen); + } + if (actions.length != actions_len) { + ds_chomp(&actions, ','); + ds_put_cstr(&actions, "); outport = inport; flags.loopback = 1;" + " output;};"); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_RS_RSP, 50, + ds_cstr(&match), ds_cstr(&actions)); + } + } + + /* Logical router ingress table 5: IP Routing. * * A packet that arrives at this table is an IP packet that should be * routed to the address in 'ip[46].dst'. This table sets outport to @@ -3448,7 +3529,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, /* XXX destination unreachable */ - /* Local router ingress table 5: ARP Resolution. + /* Local router ingress table 6: ARP Resolution. * * Any packet that reaches this table is an IP packet whose next-hop IP * address is in reg0. (ip4.dst is the final destination.) This table @@ -3645,7 +3726,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, "get_nd(outport, xxreg0); next;"); } - /* Local router ingress table 6: ARP request. + /* Local router ingress table 7: ARP request. * * In the common case where the Ethernet destination has been resolved, * this table outputs the packet (priority 0). Otherwise, it composes diff --git a/ovn/ovn-nb.ovsschema b/ovn/ovn-nb.ovsschema index 660db76..c802571 100644 --- a/ovn/ovn-nb.ovsschema +++ b/ovn/ovn-nb.ovsschema @@ -1,7 +1,7 @@ { "name": "OVN_Northbound", - "version": "5.3.0", - "cksum": "1305504870 9051", + "version": "5.4.0", + "cksum": "3777848460 9126", "tables": { "NB_Global": { "columns": { @@ -150,6 +150,7 @@ "mac": {"type": "string"}, "peer": {"type": {"key": "string", "min": 0, "max": 1}}, "enabled": {"type": {"key": "boolean", "min": 0, "max": 1}}, + "slaac": {"type": {"key": "boolean", "min": 0, "max": 1}}, "external_ids": { "type": {"key": "string", "value": "string", "min": 0, "max": "unlimited"}}}, diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml index 4ce295a..c288f4a 100644 --- a/ovn/ovn-nb.xml +++ b/ovn/ovn-nb.xml @@ -132,6 +132,10 @@ column="addresses"/> column to request dynamic address assignment for a particular port. + + + Logical Switch MTU. + @@ -904,6 +908,13 @@ port has all ingress and egress traffic dropped. + + Setting true specifies the logical switch subnets behind + this router port IPv6 networks are going to use SLAAC as IPv6 address + configuration and RA mode. Otherwise set this column to + false, or this router port has no IPv6 networks. + +

A given router port serves one of two purposes: diff --git a/tests/ovn.at b/tests/ovn.at index 33ace16..3352434 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -748,7 +748,7 @@ get_nd(inport, outport); => Cannot use string field outport where numeric field get_nd(xxreg0, ip6.dst); => Cannot use numeric field xxreg0 where string field is required. # put_nd -put_nd(inport, nd.target, nd.sll); => actions=push:NXM_NX_XXREG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ND_SLL[],push:NXM_NX_ND_TARGET[],pop:NXM_NX_XXREG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.04.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_XXREG0[], prereqs=((icmp6.type == 0x85 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x86 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x88 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd))) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd) && icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd ) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd) +put_nd(inport, nd.target, nd.sll); => actions=push:NXM_NX_XXREG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ND_SLL[],push:NXM_NX_ND_TARGET[],pop:NXM_NX_XXREG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.04.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_XXREG0[], prereqs=((icmp6.type == 0x85 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x86 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x88 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd))) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd) && ((icmp6.type == 0x85 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86 dd)) || (icmp6.type == 0x86 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd))) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd)