Add priority-80 flow to generate ICMPv6 port unreachable messages in reply to IPv6 UDP datagrams directed to the router's IP address since the logical router doesn't accept any UDP traffic
Signed-off-by: Lorenzo Bianconi <[email protected]>
---
 ovn/northd/ovn-northd.c | 16 +++++++++++++++-
 tests/ovn.at | 26 +++++++++++++++++++++++---
 2 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 81fc95b71..912e0188d 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -5324,7 +5324,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
 ds_cstr(&match), ds_cstr(&actions));
 }
- /* TCP port unreachable */
+ /* UDP/TCP port unreachable */
 if (!smap_get(&op->od->nbr->options, "chassis")
 && !op->od->l3dgw_port) {
 for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
@@ -5338,6 +5338,20 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
 "next; };";
 ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
 ds_cstr(&match), action);
+
+ ds_clear(&match);
+ ds_put_format(&match,
+ "ip6 && ip6.dst == %s && !ip.later_frag && udp",
+ op->lrp_networks.ipv6_addrs[i].addr_s);
+ action = "icmp6 {"
+ "eth.dst <-> eth.src; "
+ "ip6.dst <-> ip6.src; "
+ "ip.ttl = 255; "
+ "icmp6.type = 1; "
+ "icmp6.code = 4; "
+ "next; };";
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
+ ds_cstr(&match), action);
 }
 }
diff --git a/tests/ovn.at b/tests/ovn.at
index 6ebf101c8..eac928fbb 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
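Review bot: The new UDP flow in the second ovn-northd.c hunk answers every non-fragment datagram sent to a router address, because the match `ip6 && ip6.dst == %s && !ip.later_frag && udp` puts no condition on the source and the action then swaps `ip6.dst <-> ip6.src`. RFC 4443 section 2.4 forbids originating an ICMPv6 error for a packet whose source is the unspecified or a multicast address and requires error messages to be rate limited, and neither is visible here; a higher-priority flow outside the hunk may already drop such sources, so this should be confirmed before merging. If nothing does, the match should exclude those sources, and the missing rate limit is worth a comment, since the router would otherwise send an error towards whatever source address a datagram claims. The bare constants also deserve a line such as `/* ICMPv6 Destination Unreachable (type 1), code 4 = port unreachable. */` above `action = "icmp6 {"`. build_lrouter_flows begins and ends outside the hunk.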
@@ -10434,6 +10434,25 @@ test_tcp_syn_packet() {
 as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
 }
+# test_ip6_packet INPORT HV ETH_SRC ETH_DST IPV6_SRC IPV6_DST IPV6_PROTO IPV6_LEN DATA EXP_ICMP_CODE EXP_ICMP_CHKSUM
+#
+# Causes a packet to be received on INPORT of the hypervisor HV. The packet is an IPv6
+# packet with ETH_SRC, ETH_DST, IPV6_SRC, IPV6_DST, IPV6_PROTO, IPV6_LEN and DATA as specified.
+# EXP_ICMP_CODE and EXP_ICMP_CHKSUM are the code and checksum of the icmp6 packet sent by OVN logical router
+test_ip6_packet() {
+ local inport=$1 hv=$2 eth_src=$3 eth_dst=$4 ipv6_src=$5 ipv6_dst=$6 ipv6_proto=$7 ipv6_len=$8 data=$9
+ local exp_icmp_code=${10} exp_icmp_chksum=${11}
+ shift 11
+
+ local ip6_hdr=60000000${ipv6_len}${ipv6_proto}ff${ipv6_src}${ipv6_dst}
+ local packet=${eth_dst}${eth_src}86dd${ip6_hdr}${data}
+
+ local reply=${eth_src}${eth_dst}86dd6000000000303afe${ipv6_dst}${ipv6_src}${exp_icmp_code}${exp_icmp_chksum}00000000${ip6_hdr}
+ echo $reply >> vif$inport.expected
+
+ as hv$hv ovs-appctl netdev-dummy/receive vif$inport $packet
+}
+
 ip_to_hex() {
 printf "%02x%02x%02x%02x" "$@"
 }
@@ -10448,7 +10467,7 @@ for i in 1 2; do
 ovn_attach n$i br-phys 192.168.$i.1
 ovn-nbctl lsp-add sw$i sw$i-p${i}0 -- \
- lsp-set-addresses sw$i-p${i}0 "00:00:00:00:00:0$i 192.168.$i.1"
+ lsp-set-addresses sw$i-p${i}0 "00:00:00:00:00:0$i 192.168.$i.1 2001:db8:$i::11"
 ovs-vsctl -- add-port br-int vif$i -- \
 set interface vif$i \
@@ -10460,10 +10479,10 @@ done
 ovn-nbctl lr-add lr0
 for i in 1 2; do
- ovn-nbctl lrp-add lr0 lrp$i 00:00:00:00:ff:0$i 192.168.$i.254/24
+ ovn-nbctl lrp-add lr0 lrp$i 00:00:00:00:ff:0$i 192.168.$i.254/24 2001:db8:$i::1/64
 ovn-nbctl -- lsp-add sw$i lrp$i-attachment \
 -- set Logical_Switch_Port lrp$i-attachment type=router \
- options:router-port=lrp$i addresses='"00:00:00:00:ff:'0$i'"'
+ options:router-port=lrp$i addresses='"00:00:00:00:ff:0'$i' 192.168.'$i'.254 2001:db8:'$i'::1"'
 done
 OVN_POPULATE_ARP
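Review bot: The header comment of test_ip6_packet describes EXP_ICMP_CODE as the ICMPv6 code, but the value is spliced into `reply` directly after the source address, where the type byte belongs, and the caller added in the last hunk passes `0104`, so the parameter really carries type and code together. The expected reply also hard-codes `00303afe` (payload length 0x30, next header 0x3a, hop limit 0xfe), which ties the helper to a reply that quotes only the 40-byte IPv6 header of the original packet; that deserves a comment such as `# Reply quotes only the original IPv6 header: 8 (ICMPv6) + 40 = 0x30 bytes; hop limit is presumably 255 decremented once.` The `shift 11` has no effect because nothing reads the positional parameters afterwards, and `echo $reply` is better written `echo "$reply"`.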
@@ -10472,6 +10491,7 @@ ovn-nbctl --wait=hv sync
 test_ip_packet 1 1 000000000001 00000000ff01 $(ip_to_hex 192 168 1 1) $(ip_to_hex 192 168 1 254) 11 0000 7dae fcfc 0303
 test_ip_packet 1 1 000000000001 00000000ff01 $(ip_to_hex 192 168 1 1) $(ip_to_hex 192 168 1 254) 84 0000 7dae fcfd 0302
+test_ip6_packet 1 1 000000000001 00000000ff01 20010db8000100000000000000000011 20010db8000100000000000000000001 11 0015 dbb8303900155bac6b646f65206676676e6d66720a 0104 d570
 OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [vif1.expected])
 test_tcp_syn_packet 2 2 000000000002 00000000ff02 $(ip_to_hex 192 168 2 1) $(ip_to_hex 192 168 2 254) 0000 8b40 3039 0000 7bae 4486
-- 
2.17.1
_______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
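Review bot: The added `test_ip6_packet` call exercises only the case that must produce a reply; the flow under test deliberately excludes later fragments with `!ip.later_frag`, and nothing here asserts that such a packet leaves `vif1.expected` unchanged. A negative case matters for this feature because an over-broad match would make the router emit unsolicited ICMPv6 errors. I would add at least one injection that skips the helper's `echo $reply >> vif$inport.expected` step, so that the check fails if a reply appears, assuming OVN_CHECK_PACKETS rejects unexpected packets.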
