[ovs-dev] [PATCH v1 3/6] ovn: extend expr symbols for ND
nusiddiq at redhat.com
nusiddiq at redhat.com
Thu Jun 15 08:38:39 UTC 2017
From: Zong Kai LI <zealokii at gmail.com>
This patch updates ND symbols in logical-fields - "nd", "nd.target",
"nd.sll" and "nd.tll" to describe more clear about "icmp6.type"
predicate.
It adds new symbols:
- "nd_rs" - to match Router Solicitation messages
- "nd_ra" - to match Router Advertisement messages
Co-authored-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Zongkai LI <zealokii at gmail.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
---
ovn/lib/logical-fields.c | 18 ++++++++++++++----
ovn/northd/ovn-northd.c | 10 ++++++----
ovn/ovn-sb.xml | 4 +++-
tests/ovn.at | 2 +-
4 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/ovn/lib/logical-fields.c b/ovn/lib/logical-fields.c
index 26e336f..f8837f2 100644
--- a/ovn/lib/logical-fields.c
+++ b/ovn/lib/logical-fields.c
@@ -178,14 +178,24 @@ ovn_init_symtab(struct shash *symtab)
expr_symtab_add_field(symtab, "arp.tha", MFF_ARP_THA, "arp", false);
expr_symtab_add_predicate(symtab, "nd",
- "icmp6.type == {135, 136} && icmp6.code == 0 && ip.ttl == 255");
+ "icmp6.type == {133, 134, 135, 136} "
+ "&& icmp6.code == 0 && ip.ttl == 255");
+ expr_symtab_add_predicate(symtab, "nd_rs",
+ "icmp6.type == 133 && icmp6.code == 0 && ip.ttl == 255");
+ expr_symtab_add_predicate(symtab, "nd_ra",
+ "icmp6.type == 134 && icmp6.code == 0 && ip.ttl == 255");
expr_symtab_add_predicate(symtab, "nd_ns",
"icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255");
expr_symtab_add_predicate(symtab, "nd_na",
"icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255");
- expr_symtab_add_field(symtab, "nd.target", MFF_ND_TARGET, "nd", false);
- expr_symtab_add_field(symtab, "nd.sll", MFF_ND_SLL, "nd_ns", false);
- expr_symtab_add_field(symtab, "nd.tll", MFF_ND_TLL, "nd_na", false);
+ expr_symtab_add_field(symtab, "nd.target", MFF_ND_TARGET,
+ "icmp6.type == {135, 136} "
+ "&& icmp6.code == 0 && ip.ttl == 255", false);
+ expr_symtab_add_field(symtab, "nd.sll", MFF_ND_SLL,
+ "icmp6.type == {133, 134, 135} "
+ "&& icmp6.code == 0 && ip.ttl == 255", false);
+ expr_symtab_add_field(symtab, "nd.tll", MFF_ND_TLL,
+ "icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255", false);
expr_symtab_add_predicate(symtab, "tcp", "ip.proto == 6");
expr_symtab_add_field(symtab, "tcp.src", MFF_TCP_SRC, "tcp", false);
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index be3b371..b9a4b5e 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -2140,9 +2140,10 @@ build_port_security_ipv6_nd_flow(
struct ds *match, struct eth_addr ea, struct ipv6_netaddr *ipv6_addrs,
int n_ipv6_addrs)
{
- ds_put_format(match, " && ip6 && nd && ((nd.sll == "ETH_ADDR_FMT" || "
- "nd.sll == "ETH_ADDR_FMT") || ((nd.tll == "ETH_ADDR_FMT" || "
- "nd.tll == "ETH_ADDR_FMT")", ETH_ADDR_ARGS(eth_addr_zero),
+ ds_put_format(match, " && (nd_ns || nd_na) && ((nd.sll == "ETH_ADDR_FMT
+ " || nd.sll == "ETH_ADDR_FMT") || ((nd.tll == "ETH_ADDR_FMT
+ " || nd.tll == "ETH_ADDR_FMT")",
+ ETH_ADDR_ARGS(eth_addr_zero),
ETH_ADDR_ARGS(ea), ETH_ADDR_ARGS(eth_addr_zero),
ETH_ADDR_ARGS(ea));
if (!n_ipv6_addrs) {
@@ -2270,7 +2271,8 @@ build_port_security_nd(struct ovn_port *op, struct hmap *lflows)
}
ds_clear(&match);
- ds_put_format(&match, "inport == %s && (arp || nd)", op->json_key);
+ ds_put_format(&match, "inport == %s && (arp || nd_ns || nd_na)",
+ op->json_key);
ovn_lflow_add(lflows, op->od, S_SWITCH_IN_PORT_SEC_ND, 80,
ds_cstr(&match), "drop;");
ds_destroy(&match);
diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
index b22d1ac..db33c31 100644
--- a/ovn/ovn-sb.xml
+++ b/ovn/ovn-sb.xml
@@ -905,7 +905,9 @@
<li><code>ip.later_frag</code> expands to <code>ip.frag[1]</code></li>
<li><code>ip.first_frag</code> expands to <code>ip.is_frag && !ip.later_frag</code></li>
<li><code>arp</code> expands to <code>eth.type == 0x806</code></li>
- <li><code>nd</code> expands to <code>icmp6.type == {135, 136} && icmp6.code == 0 && ip.ttl == 255</code></li>
+ <li><code>nd</code> expands to <code>icmp6.type == {133, 134, 135, 136} && icmp6.code == 0 && ip.ttl == 255</code></li>
+ <li><code>nd_rs</code> expands to <code>icmp6.type == 133 && icmp6.code == 0 && ip.ttl == 255</code></li>
+ <li><code>nd_ra</code> expands to <code>icmp6.type == 134 && icmp6.code == 0 && ip.ttl == 255</code></li>
<li><code>nd_ns</code> expands to <code>icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255</code></li>
<li><code>nd_na</code> expands to <code>icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255</code></li>
<li><code>tcp</code> expands to <code>ip.proto == 6</code></li>
diff --git a/tests/ovn.at b/tests/ovn.at
index efcbd91..9133304 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -993,7 +993,7 @@ get_nd(xxreg0, ip6.dst);
# put_nd
put_nd(inport, nd.target, nd.sll);
encodes as push:NXM_NX_XXREG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ND_SLL[],push:NXM_NX_ND_TARGET[],pop:NXM_NX_XXREG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.04.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_XXREG0[]
- has prereqs ((icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x88 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd))) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd) && icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd)
+ has prereqs ((icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x88 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd))) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd) && ((icmp6.type == 0x85 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x86 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd))) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd)
# put_dhcpv6_opts
reg1[0] = put_dhcpv6_opts(ia_addr = ae70::4, server_id = 00:00:00:00:10:02);
--
2.9.4
More information about the dev
mailing list