[ovs-dev] [PATCH v1 3/6] ovn: extend expr symbols for ND

nusiddiq at redhat.com nusiddiq at redhat.com
Thu Jun 15 08:38:39 UTC 2017


From: Zong Kai LI <zealokii at gmail.com>

This patch updates the ND symbols in logical-fields - "nd", "nd.target",
"nd.sll" and "nd.tll" - so that their "icmp6.type" predicates are
described more clearly.

It adds new symbols:
 - "nd_rs" - to match Router Solicitation messages
 - "nd_ra" - to match Router Advertisement messages

Co-authored-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Zongkai LI <zealokii at gmail.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
---
 ovn/lib/logical-fields.c | 18 ++++++++++++++----
 ovn/northd/ovn-northd.c  | 10 ++++++----
 ovn/ovn-sb.xml           |  4 +++-
 tests/ovn.at             |  2 +-
 4 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/ovn/lib/logical-fields.c b/ovn/lib/logical-fields.c
index 26e336f..f8837f2 100644
--- a/ovn/lib/logical-fields.c
+++ b/ovn/lib/logical-fields.c
@@ -178,14 +178,24 @@ ovn_init_symtab(struct shash *symtab)
     expr_symtab_add_field(symtab, "arp.tha", MFF_ARP_THA, "arp", false);
 
     expr_symtab_add_predicate(symtab, "nd",
-              "icmp6.type == {135, 136} && icmp6.code == 0 && ip.ttl == 255");
+              "icmp6.type == {133, 134, 135, 136} "
+              "&& icmp6.code == 0 && ip.ttl == 255");
+    expr_symtab_add_predicate(symtab, "nd_rs",
+              "icmp6.type == 133 && icmp6.code == 0 && ip.ttl == 255");
+    expr_symtab_add_predicate(symtab, "nd_ra",
+              "icmp6.type == 134 && icmp6.code == 0 && ip.ttl == 255");
     expr_symtab_add_predicate(symtab, "nd_ns",
               "icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255");
     expr_symtab_add_predicate(symtab, "nd_na",
               "icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255");
-    expr_symtab_add_field(symtab, "nd.target", MFF_ND_TARGET, "nd", false);
-    expr_symtab_add_field(symtab, "nd.sll", MFF_ND_SLL, "nd_ns", false);
-    expr_symtab_add_field(symtab, "nd.tll", MFF_ND_TLL, "nd_na", false);
+    expr_symtab_add_field(symtab, "nd.target", MFF_ND_TARGET,
+              "icmp6.type == {135, 136} "
+              "&& icmp6.code == 0 && ip.ttl == 255", false);
+    expr_symtab_add_field(symtab, "nd.sll", MFF_ND_SLL,
+              "icmp6.type == {133, 134, 135} "
+              "&& icmp6.code == 0 && ip.ttl == 255", false);
+    expr_symtab_add_field(symtab, "nd.tll", MFF_ND_TLL,
+              "icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255", false);
 
     expr_symtab_add_predicate(symtab, "tcp", "ip.proto == 6");
     expr_symtab_add_field(symtab, "tcp.src", MFF_TCP_SRC, "tcp", false);
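Review bot: The new prerequisite on `nd.sll` accepts ICMPv6 types 133 and 134, yet nothing in the hunk indicates that MFF_ND_SLL is extracted for Router Solicitation or Router Advertisement packets; if the underlying field is still tied to Neighbor Solicitation, a logical flow matching `nd.sll` on an RS/RA would presumably never hit, or would fail when translated to OpenFlow. Please confirm this against the field's own prerequisites, and otherwise keep the narrower form `"icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255"`. Separately, `nd` itself now also covers types 133 and 134, so any ACL or logical flow written against `nd` outside this patch silently widens; a comment above the predicate such as `/* "nd" covers RS, RA, NS and NA; use nd_ns/nd_na for neighbor discovery only. */` would make that explicit. ovn_init_symtab's body starts and ends outside the hunk.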
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index be3b371..b9a4b5e 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -2140,9 +2140,10 @@ build_port_security_ipv6_nd_flow(
     struct ds *match, struct eth_addr ea, struct ipv6_netaddr *ipv6_addrs,
     int n_ipv6_addrs)
 {
-    ds_put_format(match, " && ip6 && nd && ((nd.sll == "ETH_ADDR_FMT" || "
-                  "nd.sll == "ETH_ADDR_FMT") || ((nd.tll == "ETH_ADDR_FMT" || "
-                  "nd.tll == "ETH_ADDR_FMT")", ETH_ADDR_ARGS(eth_addr_zero),
+    ds_put_format(match, " && (nd_ns || nd_na) && ((nd.sll == "ETH_ADDR_FMT
+                  " || nd.sll == "ETH_ADDR_FMT") || ((nd.tll == "ETH_ADDR_FMT
+                  " || nd.tll == "ETH_ADDR_FMT")",
+                  ETH_ADDR_ARGS(eth_addr_zero),
                   ETH_ADDR_ARGS(ea), ETH_ADDR_ARGS(eth_addr_zero),
                   ETH_ADDR_ARGS(ea));
     if (!n_ipv6_addrs) {
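Review bot: Narrowing the match to `(nd_ns || nd_na)` here, and to `(arp || nd_ns || nd_na)` in the build_port_security_nd hunk that follows, leaves Router Solicitation and Router Advertisement packets outside the port-security ND checks even though `nd.sll` is now declared valid for them. That appears to preserve the earlier behaviour, since `nd` used to mean types 135 and 136 only, but it should be stated rather than implied. I would add a comment before the ds_put_format call such as `/* RS/RA are deliberately not matched here: their source link-layer option is not validated by port security. */`, or extend the check to `nd_rs` if validating `nd.sll` on it is intended. Both functions continue outside their hunks.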
@@ -2270,7 +2271,8 @@ build_port_security_nd(struct ovn_port *op, struct hmap *lflows)
     }
 
     ds_clear(&match);
-    ds_put_format(&match, "inport == %s && (arp || nd)", op->json_key);
+    ds_put_format(&match, "inport == %s && (arp || nd_ns || nd_na)",
+                  op->json_key);
     ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_ND, 80,
                   ds_cstr(&match), "drop;");
     ds_destroy(&match);
diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
index b22d1ac..db33c31 100644
--- a/ovn/ovn-sb.xml
+++ b/ovn/ovn-sb.xml
@@ -905,7 +905,9 @@
         <li><code>ip.later_frag</code> expands to <code>ip.frag[1]</code></li>
         <li><code>ip.first_frag</code> expands to <code>ip.is_frag &amp;&amp; !ip.later_frag</code></li>
         <li><code>arp</code> expands to <code>eth.type == 0x806</code></li>
-        <li><code>nd</code> expands to <code>icmp6.type == {135, 136} &amp;&amp; icmp6.code == 0 &amp;&amp; ip.ttl == 255</code></li>
+        <li><code>nd</code> expands to <code>icmp6.type == {133, 134, 135, 136} &amp;&amp; icmp6.code == 0 &amp;&amp; ip.ttl == 255</code></li>
+        <li><code>nd_rs</code> expands to <code>icmp6.type == 133 &amp;&amp; icmp6.code == 0 &amp;&amp; ip.ttl == 255</code></li>
+        <li><code>nd_ra</code> expands to <code>icmp6.type == 134 &amp;&amp; icmp6.code == 0 &amp;&amp; ip.ttl == 255</code></li>
         <li><code>nd_ns</code> expands to <code>icmp6.type == 135 &amp;&amp; icmp6.code == 0 &amp;&amp; ip.ttl == 255</code></li>
         <li><code>nd_na</code> expands to <code>icmp6.type == 136 &amp;&amp; icmp6.code == 0 &amp;&amp; ip.ttl == 255</code></li>
         <li><code>tcp</code> expands to <code>ip.proto == 6</code></li>
diff --git a/tests/ovn.at b/tests/ovn.at
index efcbd91..9133304 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -993,7 +993,7 @@ get_nd(xxreg0, ip6.dst);
 # put_nd
 put_nd(inport, nd.target, nd.sll);
     encodes as push:NXM_NX_XXREG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ND_SLL[],push:NXM_NX_ND_TARGET[],pop:NXM_NX_XXREG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.04.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_XXREG0[]
-    has prereqs ((icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x88 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd))) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd) && icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd)
+    has prereqs ((icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x88 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd))) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd) && ((icmp6.type == 0x85 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x86 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd))) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd)
 
 # put_dhcpv6_opts
 reg1[0] = put_dhcpv6_opts(ia_addr = ae70::4, server_id = 00:00:00:00:10:02);
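Review bot: Only the expected prerequisites of the existing `put_nd` case are updated; nothing in this hunk exercises the new `nd_rs` and `nd_ra` symbols or a `nd.sll` match under the widened prerequisite. An expression-parsing case for each new predicate, plus one checking the prerequisites produced when `nd.sll` is combined with `nd_ra`, would pin the behaviour the patch introduces. The test file continues outside the hunk, so such cases may already exist elsewhere.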
-- 
2.9.4


