> On 24/07/2021 15:01, Lorenzo Bianconi wrote: > > As it is already done for distributed gw router scenario, introduce > > check_pkt_larger logical flows for gw router use case. > > > > Co-authored-by: Numan Siddique <[email protected]> > > Signed-off-by: Numan Siddique <[email protected]> > > Signed-off-by: Lorenzo Bianconi <[email protected]> > > Two small documentation issues,
thx Mark, I will fix them in v7. Regards, Lorenzo > > otherwise: > > Acked-by: Mark D. Gray <[email protected]> > > --- > > northd/ovn-northd.8.xml | 24 ++++---- > > northd/ovn-northd.c | 30 +++++++--- > > northd/ovn_northd.dl | 82 +++++++++++++++++++++++++++ > > tests/ovn-northd.at | 121 ++++++++++++++++++++++++++++++++++++++++ > > tests/ovn.at | 47 ++++++++++++++++ > > 5 files changed, 283 insertions(+), 21 deletions(-) > > > > diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml > > index 99a19f853..5f2b43cd1 100644 > > --- a/northd/ovn-northd.8.xml > > +++ b/northd/ovn-northd.8.xml > > @@ -3673,13 +3673,13 @@ outport = <var>P</var> > > <h3>Ingress Table 15: Check packet length</h3> > > > > <p> > > - For distributed logical routers with distributed gateway port > > configured > > - with <code>options:gateway_mtu</code> to a valid integer value, this > > - table adds a priority-50 logical flow with the match > > - <code>ip4 && outport == <var>GW_PORT</var></code> where > > - <var>GW_PORT</var> is the distributed gateway router port and > > applies the > > - action <code>check_pkt_larger</code> and advances the packet to the > > - next table. > > + For distributed logical routers or gateway routers with gateway > > + port configured with <code>options:gateway_mtu</code> to a valid > > + integer value, this table adds a priority-50 logical flow with > > + the match <code>ip4 && outport == <var>GW_PORT</var></code> > > You did not introduce this but the documentation states that we match on > ip4. This is not the case any more as we support IPv6 and IPv4. Can you > update the documentation. > > > + where <var>GW_PORT</var> is the gateway router port and applies > > + the action <code>check_pkt_larger</code> and advances the packet > > + to the next table. > > </p> > > > > <pre> > > @@ -3703,14 +3703,14 @@ REGBIT_PKT_LARGER = check_pkt_larger(<var>L</var>); > > next; > > <h3>Ingress Table 16: Handle larger packets</h3> > > > > <p> > > - For distributed logical routers with distributed gateway port > > configured > > - with <code>options:gateway_mtu</code> to a valid integer value, this > > - table adds the following priority-50 logical flow for each > > + For distributed logical routers or gateway routers with gateway port > > + configured with <code>options:gateway_mtu</code> to a valid integer > > + value, this table adds the following priority-50 logical flow for > > each > > logical router port with the match <code>inport == <var>LRP</var> > > && outport == <var>GW_PORT</var> && > > REGBIT_PKT_LARGER</code>, where <var>LRP</var> is the logical > > - router port and <var>GW_PORT</var> is the distributed gateway router > > - port and applies the following action for ipv4 and ipv6 respectively: > > + router port and <var>GW_PORT</var> is the gateway router port and > > applies > > + the following action for ipv4 and ipv6 respectively: > > </p> > > > > <pre> > > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c > > index 18f6f90ce..20f8d7b73 100644 > > --- a/northd/ovn-northd.c > > +++ b/northd/ovn-northd.c > > @@ -11038,17 +11038,29 @@ build_check_pkt_len_flows_for_lrouter( > > struct ds *match, struct ds *actions, > > struct shash *meter_groups) > > { > > - if (od->nbr) { > > + if (!od->nbr) { > > + return; > > + } > > > > - /* Packets are allowed by default. */ > > - ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", > > - "next;"); > > - ovn_lflow_add(lflows, od, S_ROUTER_IN_LARGER_PKTS, 0, "1", > > - "next;"); > > + /* Packets are allowed by default. */ > > + ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", > > + "next;"); > > + ovn_lflow_add(lflows, od, S_ROUTER_IN_LARGER_PKTS, 0, "1", > > + "next;"); > > > > - if (od->l3dgw_port && od->l3redirect_port) { > > - build_check_pkt_len_flows_for_lrp(od->l3dgw_port, lflows, > > - ports, meter_groups, > > + if (od->l3dgw_port && od->l3redirect_port) { > > + /* gw router port */ > > + build_check_pkt_len_flows_for_lrp(od->l3dgw_port, lflows, > > + ports, meter_groups, match, > > actions); > > + } else if (smap_get(&od->nbr->options, "chassis")) { > > + for (size_t i = 0; i < od->nbr->n_ports; i++) { > > + /* gw router */ > > + struct ovn_port *rp = ovn_port_find(ports, > > + od->nbr->ports[i]->name); > > + if (!rp) { > > + continue; > > + } > > + build_check_pkt_len_flows_for_lrp(rp, lflows, ports, > > meter_groups, > > match, actions); > > } > > } > > diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl > > index 7bfaae992..4c7bf386a 100644 > > --- a/northd/ovn_northd.dl > > +++ b/northd/ovn_northd.dl > > @@ -7504,6 +7504,7 @@ for (&Router(._uuid = lr_uuid)) > > > > /* Local router ingress table CHK_PKT_LEN: Check packet length. > > * > > + * For distributed routers with gateway ports. > > * Any IPv4 packet with outport set to the distributed gateway > > * router port, check the packet length and store the result in the > > * 'REGBIT_PKT_LARGER' register bit. > > @@ -7514,6 +7515,18 @@ for (&Router(._uuid = lr_uuid)) > > * router port and the 'REGBIT_PKT_LARGER' register bit is set, > > * generate ICMPv4 packet with type 3 (Destination Unreachable) and > > * code 4 (Fragmentation needed). > > + * > > + * For Gateway routers. > > + * Any IPv4 packet with outport set to the router port which has > > + * the option 'gateway_mtu' set, check the packet length and store > > + * the result in the 'REGBIT_PKT_LARGER' register bit. > > + * > > + * Local router ingress table LARGER_PKTS: Handle larger packets. > > + * > > + * Any IPv4 packet with outport set to the router port which has > > + * the option 'gateway_mtu' set and the 'REGBIT_PKT_LARGER' register bit > > + * is set, generate ICMPv4 packet with type 3 (Destination Unreachable) and > > + * code 4 (Fragmentation needed). > > This comment also refers to IPv4, however, we also support IPv6. > > * */ > > Flow(.logical_datapath = lr_uuid, > > .stage = s_ROUTER_IN_CHK_PKT_LEN(), > > @@ -7602,6 +7615,75 @@ MeteredFlow(.logical_datapath = lr_uuid, > > rp.lrp != l3dgw_port, > > Some{var first_ipv6} = rp.networks.ipv6_addrs.nth(0). > > > > +/* Gateway routers. */ > > +Flow(.logical_datapath = lr_uuid, > > + .stage = s_ROUTER_IN_CHK_PKT_LEN(), > > + .priority = 50, > > + .__match = "outport == ${gw_mtu_rp.json_name}", > > + .actions = "${rEGBIT_PKT_LARGER()} = > > check_pkt_larger(${mtu}); " > > + "next;", > > + .external_ids = stage_hint(gw_mtu_rp.lrp._uuid)) :- > > + r in &Router(._uuid = lr_uuid), > > + r.is_gateway, > > + gw_mtu_rp in &RouterPort(.router = r), > > + var gw_mtu = gw_mtu_rp.lrp.options.get_int_def("gateway_mtu", 0), > > + gw_mtu > 0, > > + var mtu = gw_mtu + vLAN_ETH_HEADER_LEN(). > > +Flow(.logical_datapath = lr_uuid, > > + .stage = s_ROUTER_IN_LARGER_PKTS(), > > + .priority = 50, > > + .__match = "inport == ${rp.json_name} && outport == > > ${gw_mtu_rp.json_name} && " > > + "ip4 && ${rEGBIT_PKT_LARGER()}", > > + .actions = "icmp4_error {" > > + "${rEGBIT_EGRESS_LOOPBACK()} = 1; " > > + "eth.dst = ${rp.networks.ea}; " > > + "ip4.dst = ip4.src; " > > + "ip4.src = ${first_ipv4.addr}; " > > + "ip.ttl = 255; " > > + "icmp4.type = 3; /* Destination Unreachable. */ " > > + "icmp4.code = 4; /* Frag Needed and DF was Set. > > */ " > > + /* Set icmp4.frag_mtu to gw_mtu */ > > + "icmp4.frag_mtu = ${gw_mtu}; " > > + "next(pipeline=ingress, table=0); " > > + "};", > > + .external_ids = stage_hint(rp.lrp._uuid)) :- > > + r in &Router(._uuid = lr_uuid), > > + r.is_gateway, > > + gw_mtu_rp in &RouterPort(.router = r), > > + var gw_mtu = gw_mtu_rp.lrp.options.get_int_def("gateway_mtu", 0), > > + gw_mtu > 0, > > + var mtu = gw_mtu + vLAN_ETH_HEADER_LEN(), > > + rp in &RouterPort(.router = r), > > + rp.lrp != gw_mtu_rp.lrp, > > + Some{var first_ipv4} = rp.networks.ipv4_addrs.nth(0). > > +Flow(.logical_datapath = lr_uuid, > > + .stage = s_ROUTER_IN_LARGER_PKTS(), > > + .priority = 50, > > + .__match = "inport == ${rp.json_name} && outport == > > ${gw_mtu_rp.json_name} && " > > + "ip6 && ${rEGBIT_PKT_LARGER()}", > > + .actions = "icmp6_error {" > > + "${rEGBIT_EGRESS_LOOPBACK()} = 1; " > > + "eth.dst = ${rp.networks.ea}; " > > + "ip6.dst = ip6.src; " > > + "ip6.src = ${first_ipv6.addr}; " > > + "ip.ttl = 255; " > > + "icmp6.type = 2; /* Packet Too Big. */ " > > + "icmp6.code = 0; " > > + /* Set icmp6.frag_mtu to gw_mtu */ > > + "icmp6.frag_mtu = ${gw_mtu}; " > > + "next(pipeline=ingress, table=0); " > > + "};", > > + .external_ids = stage_hint(rp.lrp._uuid)) :- > > + r in &Router(._uuid = lr_uuid), > > + r.is_gateway, > > + gw_mtu_rp in &RouterPort(.router = r), > > + var gw_mtu = gw_mtu_rp.lrp.options.get_int_def("gateway_mtu", 0), > > + gw_mtu > 0, > > + var mtu = gw_mtu + vLAN_ETH_HEADER_LEN(), > > + rp in &RouterPort(.router = r), > > + rp.lrp != gw_mtu_rp.lrp, > > + Some{var first_ipv6} = rp.networks.ipv6_addrs.nth(0). > > + > > /* Logical router ingress table GW_REDIRECT: Gateway redirect. > > * > > * For traffic with outport equal to the l3dgw_port > > diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at > > index 94405349e..56d8be7cc 100644 > > --- a/tests/ovn-northd.at > > +++ b/tests/ovn-northd.at > > @@ -4815,3 +4815,124 @@ AT_CHECK([ovn-sbctl --columns=tags list > > logical_flow | grep lsp0 -c], [0], [dnl > > > > AT_CLEANUP > > ]) > > + > > +OVN_FOR_EACH_NORTHD([ > > +AT_SETUP([ovn -- gateway mtu check pkt larger flows]) > > +ovn_start > > + > > +check ovn-sbctl chassis-add ch1 geneve 127.0.0.1 > > + > > +check ovn-nbctl ls-add sw0 > > +check ovn-nbctl ls-add sw1 > > + > > +# Create a logical router and attach both logical switches > > +check ovn-nbctl lr-add lr0 > > +check ovn-nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24 > > +check ovn-nbctl lsp-add sw0 sw0-lr0 > > +check ovn-nbctl lsp-set-type sw0-lr0 router > > +check ovn-nbctl lsp-set-addresses sw0-lr0 00:00:00:00:ff:01 > > +check ovn-nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0 > > + > > +check ovn-nbctl lrp-add lr0 lr0-sw1 00:00:00:00:ff:02 20.0.0.1/24 > > +check ovn-nbctl lsp-add sw1 sw1-lr0 > > +check ovn-nbctl lsp-set-type sw1-lr0 router > > +check ovn-nbctl lsp-set-addresses sw1-lr0 00:00:00:00:ff:02 > > +check ovn-nbctl lsp-set-options sw1-lr0 router-port=lr0-sw1 > > + > > +check ovn-nbctl ls-add public > > +check ovn-nbctl lrp-add lr0 lr0-public 00:00:20:20:12:13 172.168.0.100/24 > > +check ovn-nbctl lsp-add public public-lr0 > > +check ovn-nbctl lsp-set-type public-lr0 router > > +check ovn-nbctl lsp-set-addresses public-lr0 router > > +check ovn-nbctl lsp-set-options public-lr0 router-port=lr0-public > > + > > +check ovn-nbctl --wait=sb lrp-set-gateway-chassis lr0-public ch1 > > + > > +ovn-sbctl dump-flows lr0 > lr0flows > > +AT_CAPTURE_FILE([sw0flows]) > > + > > +AT_CHECK([grep -e "chk_pkt_len" -e "lr_in_larger_pkts" lr0flows | sort], > > [0], [dnl > > + table=15(lr_in_chk_pkt_len ), priority=0 , match=(1), action=(next;) > > + table=16(lr_in_larger_pkts ), priority=0 , match=(1), action=(next;) > > +]) > > + > > +check ovn-nbctl --wait=sb set logical_router_port lr0-public > > options:gateway_mtu=1500 > > + > > +ovn-sbctl dump-flows lr0 > lr0flows > > +AT_CAPTURE_FILE([sw0flows]) > > + > > +AT_CHECK([grep -e "chk_pkt_len" -e "lr_in_larger_pkts" lr0flows | sort], > > [0], [dnl > > + table=15(lr_in_chk_pkt_len ), priority=0 , match=(1), action=(next;) > > + table=15(lr_in_chk_pkt_len ), priority=50 , match=(outport == > > "lr0-public"), action=(reg9[[1]] = check_pkt_larger(1518); next;) > > + table=16(lr_in_larger_pkts ), priority=0 , match=(1), action=(next;) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw0" && outport == "lr0-public" && ip4 && reg9[[1]]), > > action=(icmp4_error {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:01; ip4.dst = > > ip4.src; ip4.src = 10.0.0.1; ip.ttl = 255; icmp4.type = 3; /* Destination > > Unreachable. */ icmp4.code = 4; /* Frag Needed and DF was Set. */ > > icmp4.frag_mtu = 1500; next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw0" && outport == "lr0-public" && ip6 && reg9[[1]]), > > action=(icmp6_error {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:01; ip6.dst = > > ip6.src; ip6.src = fe80::200:ff:fe00:ff01; ip.ttl = 255; icmp6.type = 2; /* > > Packet Too Big. */ icmp6.code = 0; icmp6.frag_mtu = 1500; > > next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw1" && outport == "lr0-public" && ip4 && reg9[[1]]), > > action=(icmp4_error {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:02; ip4.dst = > > ip4.src; ip4.src = 20.0.0.1; ip.ttl = 255; icmp4.type = 3; /* Destination > > Unreachable. */ icmp4.code = 4; /* Frag Needed and DF was Set. */ > > icmp4.frag_mtu = 1500; next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw1" && outport == "lr0-public" && ip6 && reg9[[1]]), > > action=(icmp6_error {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:02; ip6.dst = > > ip6.src; ip6.src = fe80::200:ff:fe00:ff02; ip.ttl = 255; icmp6.type = 2; /* > > Packet Too Big. */ icmp6.code = 0; icmp6.frag_mtu = 1500; > > next(pipeline=ingress, table=0); };) > > +]) > > + > > +# Clear the gateway-chassis for lr0-public > > +check ovn-nbctl --wait=sb clear logical_router_port lr0-public > > gateway_chassis > > + > > +ovn-sbctl dump-flows lr0 > lr0flows > > +AT_CAPTURE_FILE([sw0flows]) > > + > > +AT_CHECK([grep -e "chk_pkt_len" -e "lr_in_larger_pkts" lr0flows | sort], > > [0], [dnl > > + table=15(lr_in_chk_pkt_len ), priority=0 , match=(1), action=(next;) > > + table=16(lr_in_larger_pkts ), priority=0 , match=(1), action=(next;) > > +]) > > + > > +# Make lr0 as a gateway router. > > +check ovn-nbctl --wait=sb set logical_router lr0 options:chassis=ch1 > > + > > +ovn-sbctl dump-flows lr0 > lr0flows > > +AT_CAPTURE_FILE([sw0flows]) > > + > > +AT_CHECK([grep -e "chk_pkt_len" -e "lr_in_larger_pkts" lr0flows | sort], > > [0], [dnl > > + table=15(lr_in_chk_pkt_len ), priority=0 , match=(1), action=(next;) > > + table=15(lr_in_chk_pkt_len ), priority=50 , match=(outport == > > "lr0-public"), action=(reg9[[1]] = check_pkt_larger(1518); next;) > > + table=16(lr_in_larger_pkts ), priority=0 , match=(1), action=(next;) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw0" && outport == "lr0-public" && ip4 && reg9[[1]]), > > action=(icmp4_error {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:01; ip4.dst = > > ip4.src; ip4.src = 10.0.0.1; ip.ttl = 255; icmp4.type = 3; /* Destination > > Unreachable. */ icmp4.code = 4; /* Frag Needed and DF was Set. */ > > icmp4.frag_mtu = 1500; next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw0" && outport == "lr0-public" && ip6 && reg9[[1]]), > > action=(icmp6_error {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:01; ip6.dst = > > ip6.src; ip6.src = fe80::200:ff:fe00:ff01; ip.ttl = 255; icmp6.type = 2; /* > > Packet Too Big. */ icmp6.code = 0; icmp6.frag_mtu = 1500; > > next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw1" && outport == "lr0-public" && ip4 && reg9[[1]]), > > action=(icmp4_error {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:02; ip4.dst = > > ip4.src; ip4.src = 20.0.0.1; ip.ttl = 255; icmp4.type = 3; /* Destination > > Unreachable. */ icmp4.code = 4; /* Frag Needed and DF was Set. */ > > icmp4.frag_mtu = 1500; next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw1" && outport == "lr0-public" && ip6 && reg9[[1]]), > > action=(icmp6_error {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:02; ip6.dst = > > ip6.src; ip6.src = fe80::200:ff:fe00:ff02; ip.ttl = 255; icmp6.type = 2; /* > > Packet Too Big. */ icmp6.code = 0; icmp6.frag_mtu = 1500; > > next(pipeline=ingress, table=0); };) > > +]) > > + > > +# Set gateway_mtu option on lr0-sw0 > > +check ovn-nbctl --wait=sb set logical_router_port lr0-sw0 > > options:gateway_mtu=1400 > > + > > +ovn-sbctl dump-flows lr0 > lr0flows > > +AT_CAPTURE_FILE([sw0flows]) > > + > > +AT_CHECK([grep -e "chk_pkt_len" -e "lr_in_larger_pkts" lr0flows | sort], > > [0], [dnl > > + table=15(lr_in_chk_pkt_len ), priority=0 , match=(1), action=(next;) > > + table=15(lr_in_chk_pkt_len ), priority=50 , match=(outport == > > "lr0-public"), action=(reg9[[1]] = check_pkt_larger(1518); next;) > > + table=15(lr_in_chk_pkt_len ), priority=50 , match=(outport == > > "lr0-sw0"), action=(reg9[[1]] = check_pkt_larger(1418); next;) > > + table=16(lr_in_larger_pkts ), priority=0 , match=(1), action=(next;) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-public" && outport == "lr0-sw0" && ip4 && reg9[[1]]), > > action=(icmp4_error {reg9[[0]] = 1; eth.dst = 00:00:20:20:12:13; ip4.dst = > > ip4.src; ip4.src = 172.168.0.100; ip.ttl = 255; icmp4.type = 3; /* > > Destination Unreachable. */ icmp4.code = 4; /* Frag Needed and DF was Set. > > */ icmp4.frag_mtu = 1400; next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-public" && outport == "lr0-sw0" && ip6 && reg9[[1]]), > > action=(icmp6_error {reg9[[0]] = 1; eth.dst = 00:00:20:20:12:13; ip6.dst = > > ip6.src; ip6.src = fe80::200:20ff:fe20:1213; ip.ttl = 255; icmp6.type = 2; > > /* Packet Too Big. */ icmp6.code = 0; icmp6.frag_mtu = 1400; > > next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw0" && outport == "lr0-public" && ip4 && reg9[[1]]), > > action=(icmp4_error {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:01; ip4.dst = > > ip4.src; ip4.src = 10.0.0.1; ip.ttl = 255; icmp4.type = 3; /* Destination > > Unreachable. */ icmp4.code = 4; /* Frag Needed and DF was Set. */ > > icmp4.frag_mtu = 1500; next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw0" && outport == "lr0-public" && ip6 && reg9[[1]]), > > action=(icmp6_error {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:01; ip6.dst = > > ip6.src; ip6.src = fe80::200:ff:fe00:ff01; ip.ttl = 255; icmp6.type = 2; /* > > Packet Too Big. */ icmp6.code = 0; icmp6.frag_mtu = 1500; > > next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw1" && outport == "lr0-public" && ip4 && reg9[[1]]), > > action=(icmp4_error {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:02; ip4.dst = > > ip4.src; ip4.src = 20.0.0.1; ip.ttl = 255; icmp4.type = 3; /* Destination > > Unreachable. */ icmp4.code = 4; /* Frag Needed and DF was Set. */ > > icmp4.frag_mtu = 1500; next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw1" && outport == "lr0-public" && ip6 && reg9[[1]]), > > action=(icmp6_error {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:02; ip6.dst = > > ip6.src; ip6.src = fe80::200:ff:fe00:ff02; ip.ttl = 255; icmp6.type = 2; /* > > Packet Too Big. */ icmp6.code = 0; icmp6.frag_mtu = 1500; > > next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw1" && outport == "lr0-sw0" && ip4 && reg9[[1]]), action=(icmp4_error > > {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:02; ip4.dst = ip4.src; ip4.src = > > 20.0.0.1; ip.ttl = 255; icmp4.type = 3; /* Destination Unreachable. */ > > icmp4.code = 4; /* Frag Needed and DF was Set. */ icmp4.frag_mtu = 1400; > > next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw1" && outport == "lr0-sw0" && ip6 && reg9[[1]]), action=(icmp6_error > > {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:02; ip6.dst = ip6.src; ip6.src = > > fe80::200:ff:fe00:ff02; ip.ttl = 255; icmp6.type = 2; /* Packet Too Big. */ > > icmp6.code = 0; icmp6.frag_mtu = 1400; next(pipeline=ingress, table=0); };) > > +]) > > + > > +# Clear gateway_mtu option on lr0-public > > +check ovn-nbctl --wait=sb clear logical_router_port lr0-public options > > +ovn-sbctl dump-flows lr0 > lr0flows > > +AT_CAPTURE_FILE([sw0flows]) > > + > > +AT_CHECK([grep -e "chk_pkt_len" -e "lr_in_larger_pkts" lr0flows | sort], > > [0], [dnl > > + table=15(lr_in_chk_pkt_len ), priority=0 , match=(1), action=(next;) > > + table=15(lr_in_chk_pkt_len ), priority=50 , match=(outport == > > "lr0-sw0"), action=(reg9[[1]] = check_pkt_larger(1418); next;) > > + table=16(lr_in_larger_pkts ), priority=0 , match=(1), action=(next;) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-public" && outport == "lr0-sw0" && ip4 && reg9[[1]]), > > action=(icmp4_error {reg9[[0]] = 1; eth.dst = 00:00:20:20:12:13; ip4.dst = > > ip4.src; ip4.src = 172.168.0.100; ip.ttl = 255; icmp4.type = 3; /* > > Destination Unreachable. */ icmp4.code = 4; /* Frag Needed and DF was Set. > > */ icmp4.frag_mtu = 1400; next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-public" && outport == "lr0-sw0" && ip6 && reg9[[1]]), > > action=(icmp6_error {reg9[[0]] = 1; eth.dst = 00:00:20:20:12:13; ip6.dst = > > ip6.src; ip6.src = fe80::200:20ff:fe20:1213; ip.ttl = 255; icmp6.type = 2; > > /* Packet Too Big. */ icmp6.code = 0; icmp6.frag_mtu = 1400; > > next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw1" && outport == "lr0-sw0" && ip4 && reg9[[1]]), action=(icmp4_error > > {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:02; ip4.dst = ip4.src; ip4.src = > > 20.0.0.1; ip.ttl = 255; icmp4.type = 3; /* Destination Unreachable. */ > > icmp4.code = 4; /* Frag Needed and DF was Set. */ icmp4.frag_mtu = 1400; > > next(pipeline=ingress, table=0); };) > > + table=16(lr_in_larger_pkts ), priority=50 , match=(inport == > > "lr0-sw1" && outport == "lr0-sw0" && ip6 && reg9[[1]]), action=(icmp6_error > > {reg9[[0]] = 1; eth.dst = 00:00:00:00:ff:02; ip6.dst = ip6.src; ip6.src = > > fe80::200:ff:fe00:ff02; ip.ttl = 255; icmp6.type = 2; /* Packet Too Big. */ > > icmp6.code = 0; icmp6.frag_mtu = 1400; next(pipeline=ingress, table=0); };) > > +]) > > + > > +AT_CLEANUP > > +]) > > diff --git a/tests/ovn.at b/tests/ovn.at > > index 13d860f10..6af62aab0 100644 > > --- a/tests/ovn.at > > +++ b/tests/ovn.at > > @@ -16733,6 +16733,53 @@ for mtu in 100 500 118; do > > test_ip6_packet_larger $mtu > > done > > > > +ovn-nbctl lsp-del sw0-lr0 > > + > > +ovn-nbctl lr-del lr0 > > +ovn-nbctl create Logical_Router name=lr1 options:chassis="hv1" > > +ovn-nbctl lrp-add lr1 lr1-sw0 00:00:00:00:ff:01 10.0.0.1/24 1000::1/64 > > +ovn-nbctl lsp-add sw0 sw0-lr1 > > +ovn-nbctl lsp-set-type sw0-lr1 router > > +ovn-nbctl lsp-set-addresses sw0-lr1 router > > +ovn-nbctl lsp-set-options sw0-lr1 router-port=lr1-sw0 > > + > > +ovn-nbctl lrp-add lr1 lr1-public 00:00:20:20:12:13 172.168.0.100/24 > > 2000::1/64 > > +ovn-nbctl lsp-del public-lr0 > > +ovn-nbctl lsp-add public public-lr1 > > +ovn-nbctl lsp-set-type public-lr1 router > > +ovn-nbctl lsp-set-addresses public-lr1 router > > +ovn-nbctl lsp-set-options public-lr1 router-port=lr1-public > > + > > +ovn-nbctl lr-nat-add lr1 snat 172.168.0.100 10.0.0.0/24 > > +ovn-nbctl lr-nat-add lr1 snat 2000::1 1000::/64 > > + > > +dp_uuid=$(ovn-sbctl find datapath_binding | grep sw0 -B2 | grep _uuid | \ > > +awk '{print $3}') > > +ovn-sbctl create MAC_Binding ip=172.168.0.3 datapath=$dp_uuid \ > > +logical_port=lr1-public mac="00\:00\:00\:12\:af\:11" > > + > > +# Try different gateway mtus and send a 142-byte packet (corresponding > > +# to a 124-byte MTU). If the MTU is less than 124, ovn-controller > > +# should send icmp host not reachable with pmtu set to $mtu. > > +for mtu in 100 500 118; do > > + AS_BOX([testing gw mtu $mtu]) > > + check ovn-nbctl --wait=hv set logical_router_port lr1-public > > options:gateway_mtu=$mtu > > + ovn-sbctl dump-flows > sbflows-gw-$mtu > > + AT_CAPTURE_FILE([sbflows-gw-$mtu]) > > + > > + OVS_WAIT_FOR_OUTPUT([ > > + as hv1 ovs-ofctl dump-flows br-int > br-int-gw-flows-$mtu > > + AT_CAPTURE_FILE([br-int-gw-flows-$mtu]) > > + grep "check_pkt_larger($(expr $mtu + 18))" br-int-gw-flows-$mtu | > > wc -l], [0], [1 > > +]) > > + > > + AS_BOX([testing gw mtu $mtu - IPv4]) > > + test_ip_packet_larger $mtu > > + > > + AS_BOX([testing gw mtu $mtu - IPv6]) > > + test_ip6_packet_larger $mtu > > +done > > + > > OVN_CLEANUP([hv1]) > > AT_CLEANUP > > ]) > > > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
