]> git.proxmox.com Git - mirror_ovs.git/commitdiff
projects / mirror_ovs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 159932c)
OVN: add protocol unreachable support to OVN router ports
authorLorenzo Bianconi <lorenzo.bianconi@redhat.com>
Mon, 18 Jun 2018 11:56:00 +0000 (13:56 +0200)
committerBen Pfaff <blp@ovn.org>
Mon, 18 Jun 2018 22:59:17 +0000 (15:59 -0700)
Add priority-70 flows to generate ICMP protocol unreachable messages
in reply to packets directed to the router's IP address on IP protocols
other than UDP, TCP, and ICMP

Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
ovn/northd/ovn-northd.8.xml patch | blob | blame | history
ovn/northd/ovn-northd.c patch | blob | blame | history
tests/ovn.at patch | blob | blame | history

diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index 18a481b3dfd2eeebcf17b95d5ddb51415c48d8c7..cfd35115ed0b47cdc77b72a6ca7091e250584e37 100644 (file)
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -1342,10 +1342,6 @@ nd_na {
         <p>
           These flows should not match IP fragments with nonzero offset.
         </p>
-
-        <p>
-          Details TBD.  Not yet implemented.
-        </p>
       </li>
 
       <li>
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index d8fc35d8e4c75a8940a604ca1cd75e1f8ba59f1c..72fe4e795871a9a92d6e4ba34364f682b46cc263 100644 (file)
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -5169,6 +5169,20 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
                         "next; };";
             ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
                           ds_cstr(&match), action);
+
+            ds_clear(&match);
+            ds_put_format(&match,
+                          "ip4 && ip4.dst == %s && !ip.later_frag",
+                          op->lrp_networks.ipv4_addrs[i].addr_s);
+            action = "icmp4 {"
+                        "eth.dst <-> eth.src; "
+                        "ip4.dst <-> ip4.src; "
+                        "ip.ttl = 255; "
+                        "icmp4.type = 3; "
+                        "icmp4.code = 2; "
+                        "next; };";
+            ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 70,
+                          ds_cstr(&match), action);
         }
 
         ds_clear(&match);
diff --git a/tests/ovn.at b/tests/ovn.at
index 4648a303c2b0a3860ea0e4394a8a6607cb81d04e..6553d17c671393ba4015138f8408ea0094be1cac 100644 (file)
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -10444,6 +10444,7 @@ OVN_POPULATE_ARP
 ovn-nbctl --wait=hv sync
 
 test_ip_packet 1 1 000000000001 00000000ff01 $(ip_to_hex 192 168 1 1) $(ip_to_hex 192 168 1 254) 11 0000 7dae fcfc 0303
+test_ip_packet 1 1 000000000001 00000000ff01 $(ip_to_hex 192 168 1 1) $(ip_to_hex 192 168 1 254) 84 0000 7dae fcfd 0302
 OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [vif1.expected])
 
 test_tcp_syn_packet 2 2 000000000002 00000000ff02 $(ip_to_hex 192 168 2 1) $(ip_to_hex 192 168 2 254) 0000 8b40 3039 0000 7bae 4486
openvswitch mirror