@@ -5324,7 +5324,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
ds_cstr(&match), ds_cstr(&actions));
}
- /* TCP port unreachable */
+ /* UDP/TCP port unreachable */
if (!smap_get(&op->od->nbr->options, "chassis")
&& !op->od->l3dgw_port) {
for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
@@ -5338,6 +5338,20 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
"next; };";
ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
ds_cstr(&match), action);
+
+ ds_clear(&match);
+ ds_put_format(&match,
+ "ip6 && ip6.dst == %s && !ip.later_frag && udp",
+ op->lrp_networks.ipv6_addrs[i].addr_s);
+ action = "icmp6 {"
+ "eth.dst <-> eth.src; "
+ "ip6.dst <-> ip6.src; "
+ "ip.ttl = 255; "
+ "icmp6.type = 1; "
+ "icmp6.code = 4; "
+ "next; };";
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
+ ds_cstr(&match), action);
}
}
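Review bot: Nothing in the new UDP match or its `icmp6` action bounds how often, or towards which source, the port-unreachable reply is generated; every non-fragment UDP datagram addressed to a router port address gets one. RFC 4443 section 2.4 requires ICMPv6 error origination to be rate limited and forbids originating an error for a packet whose source does not identify a single node (unspecified or multicast `ip6.src`). Unless a higher-priority flow in S_ROUTER_IN_IP_INPUT already drops such sources (not visible in this hunk), the match should exclude them. If the `icmp6` action is executed by ovn-controller, as I believe it is, each datagram is also a controller punt, so an unthrottled sender can load the controller and have replies sent to a forged source. At minimum I would record the gap above `ds_put_format` with `/* NOTE: replies are not rate limited here; see RFC 4443 2.4(f). */`; build_lrouter_flows starts and ends outside the hunk.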
@@ -10434,6 +10434,25 @@ test_tcp_syn_packet() {
as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
}
+# test_ip6_packet INPORT HV ETH_SRC ETH_DST IPV6_SRC IPV6_DST IPV6_PROTO IPV6_LEN DATA EXP_ICMP_CODE EXP_ICMP_CHKSUM
+#
+# Causes a packet to be received on INPORT of the hypervisor HV. The packet is an IPv6
+# packet with ETH_SRC, ETH_DST, IPV6_SRC, IPV6_DST, IPV6_PROTO, IPV6_LEN and DATA as specified.
+# EXP_ICMP_CODE and EXP_ICMP_CHKSUM are the code and checksum of the icmp6 packet sent by OVN logical router
+test_ip6_packet() {
+ local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv6_src=$5 ipv6_dst=$6 ipv6_proto=$7 ipv6_len=$8 data=$9
+ local exp_icmp_code=${10} exp_icmp_chksum=${11}
+ shift 11
+
+ local ip6_hdr=60000000${ipv6_len}${ipv6_proto}ff${ipv6_src}${ipv6_dst}
+ local packet=${eth_dst}${eth_src}86dd${ip6_hdr}${data}
+
+ local reply=${eth_src}${eth_dst}86dd6000000000303afe${ipv6_dst}${ipv6_src}${exp_icmp_code}${exp_icmp_chksum}00000000${ip6_hdr}
+ echo $reply >> vif$inport.expected
+
+ as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
+}
+
ip_to_hex() {
printf "%02x%02x%02x%02x" "$@"
}
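Review bot: The expected reply in test_ip6_packet hard-codes payload length `0030` and appends only `${ip6_hdr}`, so the test pins an ICMPv6 error that quotes just the 40-byte IPv6 header of the offending packet and none of DATA. RFC 4443 asks for as much of the invoking packet as fits, and a receiver needs the quoted UDP ports both to deliver the error to the right socket and to check that the error matches traffic it actually sent. If that truncation is what the `icmp6` action emits today, state it in the header comment, e.g. `# The expected reply quotes only the IPv6 header of the original packet.` The comment also names `${10}` EXP_ICMP_CODE although the caller passes type and code together (`0104`), so `EXP_ICMP_TYPE_CODE` would be accurate. `shift 11` has no effect because no later arguments are read, and `echo $reply` is better quoted as `echo "$reply"`.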
@@ -10448,7 +10467,7 @@ for i in 1 2; do
ovn_attach n$i br-phys 192.168.$i.1
ovn-nbctl lsp-add sw$i sw$i-p${i}0 -- \
- lsp-set-addresses sw$i-p${i}0 "00:00:00:00:00:0$i 192.168.$i.1"
+ lsp-set-addresses sw$i-p${i}0 "00:00:00:00:00:0$i 192.168.$i.1 2001:db8:$i::11"
ovs-vsctl -- add-port br-int vif$i -- \
set interface vif$i \
@@ -10460,10 +10479,10 @@ done
ovn-nbctl lr-add lr0
for i in 1 2; do
- ovn-nbctl lrp-add lr0 lrp$i 00:00:00:00:ff:0$i 192.168.$i.254/24
+ ovn-nbctl lrp-add lr0 lrp$i 00:00:00:00:ff:0$i 192.168.$i.254/24 2001:db8:$i::1/64
ovn-nbctl -- lsp-add sw$i lrp$i-attachment \
-- set Logical_Switch_Port lrp$i-attachment type=router \
- options:router-port=lrp$i addresses='"00:00:00:00:ff:'0$i'"'
+ options:router-port=lrp$i addresses='"00:00:00:00:ff:0'$i' 192.168.'$i'.254 2001:db8:'$i'::1"'
done
OVN_POPULATE_ARP
@@ -10472,6 +10491,7 @@ ovn-nbctl --wait=hv sync
test_ip_packet 1 1 000000000001 00000000ff01 $(ip_to_hex 192 168 1 1) $(ip_to_hex 192 168 1 254) 11 0000 7dae fcfc 0303
test_ip_packet 1 1 000000000001 00000000ff01 $(ip_to_hex 192 168 1 1) $(ip_to_hex 192 168 1 254) 84 0000 7dae fcfd 0302
+test_ip6_packet 1 1 000000000001 00000000ff01 20010db8000100000000000000000011 20010db8000100000000000000000001 11 0015 dbb8303900155bac6b646f65206676676e6d66720a 0104 d570
OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [vif1.expected])
test_tcp_syn_packet 2 2 000000000002 00000000ff02 $(ip_to_hex 192 168 2 1) $(ip_to_hex 192 168 2 254) 0000 8b40 3039 0000 7bae 4486
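Review bot: Only the positive case is exercised by the added `test_ip6_packet` line, a single UDP datagram to lrp1's address. The new flow in ovn-northd.c is conditioned on `!ip.later_frag` and on the router having neither a `chassis` option nor an l3dgw_port, and none of those negative cases is checked, so a regression that starts answering later fragments or replying from a gateway router would still pass. A second case that injects a packet which must produce no reply, followed by the same OVN_CHECK_PACKETS comparison, would cover it. The checksum `d570` is a precomputed constant; a one-line comment on how it was derived would help whoever changes the payload.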
Add priority-80 flow to generate ICMPv6 port unreachable messages in reply to IPv6 UDP datagrams directed to the router's IP address since the logical router doesn't accept any UDP traffic
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
---
ovn/northd/ovn-northd.c | 16 +++++++++++++++-
tests/ovn.at | 26 +++++++++++++++++++++++---
2 files changed, 38 insertions(+), 4 deletions(-)