On Tue, Jul 25, 2017 at 6:14 PM, Miguel Angel Ajo Pelayo <
majop...@redhat.com> wrote:
> Looks good, just a tiny comment, but not actually very important.
>
>
> On Fri, Jul 14, 2017 at 2:26 PM, <nusid...@redhat.com> wrote:
>
>> From: Zongkai LI <zealo...@gmail.com>
>>
>> This patch adds logical flows which sends IPv6 Router Advertisement
>> packet in response to the IPv6 Router Solicitation request. It uses
>> the actions "put_nd_ra_opts" to transform the RS packet to RA packet
>> in the newly added ingress stage "lr_in_nd_ra_options" in router
>> pipeline. If the action "put_nd_ra_opts" is successful, it sends the
>> RA packet back to the originating port in the next ingress stage
>> "lr_in_nd_ra_response".
>>
>> A new column "ipv6_ra_configs" is added in the Logical_Router_Port
>> table, which the CMS is expected to configure IPv6 RA
>> configurations - "address_mode" and "mtu" for adding these flows.
>>
>> Co-authored-by: Numan Siddique <nusid...@redhat.com>
>> Signed-off-by: Zongkai LI <zealo...@gmail.com>
>> Signed-off-by: Numan Siddique <nusid...@redhat.com>
>> ---
>> ovn/lib/logical-fields.c | 4 +
>> ovn/northd/ovn-northd.8.xml | 81 ++++++++++++++-
>> ovn/northd/ovn-northd.c | 129 ++++++++++++++++++++----
>> ovn/ovn-nb.ovsschema | 7 +-
>> ovn/ovn-nb.xml | 39 ++++++++
>> ovn/ovn-sb.xml | 4 +
>> tests/ovn.at | 237 ++++++++++++++++++++++++++++++
>> ++++++++++++++
>> 7 files changed, 478 insertions(+), 23 deletions(-)
>>
>> diff --git a/ovn/lib/logical-fields.c b/ovn/lib/logical-fields.c
>> index 26e336f5a..a8b5e3c51 100644
>> --- a/ovn/lib/logical-fields.c
>> +++ b/ovn/lib/logical-fields.c
>> @@ -183,6 +183,10 @@ ovn_init_symtab(struct shash *symtab)
>> "icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255");
>> expr_symtab_add_predicate(symtab, "nd_na",
>> "icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255");
>> + expr_symtab_add_predicate(symtab, "nd_rs",
>> + "icmp6.type == 133 && icmp6.code == 0 && ip.ttl == 255");
>> + expr_symtab_add_predicate(symtab, "nd_ra",
>> + "icmp6.type == 134 && icmp6.code == 0 && ip.ttl == 255");
>> expr_symtab_add_field(symtab, "nd.target", MFF_ND_TARGET, "nd",
>> false);
>> expr_symtab_add_field(symtab, "nd.sll", MFF_ND_SLL, "nd_ns", false);
>> expr_symtab_add_field(symtab, "nd.tll", MFF_ND_TLL, "nd_na", false);
>> diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
>> index 7ff524508..911f67b21 100644
>> --- a/ovn/northd/ovn-northd.8.xml
>> +++ b/ovn/northd/ovn-northd.8.xml
>> @@ -1573,7 +1573,80 @@ icmp4 {
>> </li>
>> </ul>
>>
>> - <h3>Ingress Table 5: IP Routing</h3>
>> + <h3>Ingress Table 5: IPv6 ND RA option processing</h3>
>> +
>> + <ul>
>> + <li>
>> + <p>
>> + A priority-50 logical flow is added for each logical router
>> port
>> + configured with IPv6 ND RA options which matches IPv6 ND Router
>> + Solicitation packet and applies the action
>> + <code>put_nd_ra_opts</code> and advances the packet to the next
>> + table.
>> + </p>
>> +
>> + <pre>
>> +reg0[5] = put_nd_ra_opts(<var>options</var>);next;
>> + </pre>
>> +
>> + <p>
>> + For a valid IPv6 ND RS packet, this transforms the packet into
>> an
>> + IPv6 ND RA reply and sets the RA options to the packet and
>> stores 1
>> + into reg0[5]. For other kinds of packets, it just stores 0 into
>> + reg0[5]. Either way, it continues to the next table.
>> + </p>
>> + </li>
>> +
>> + <li>
>> + A priority-0 logical flow with match <code>1</code> has actions
>> + <code>next;</code>.
>> + </li>
>> + </ul>
>> +
>> + <h3>Ingress Table 6: IPv6 ND RA responder</h3>
>> +
>> + <p>
>> + This table implements IPv6 ND RA responder for the IPv6 ND RA
>> replies
>> + generated by the previous table.
>> + </p>
>> +
>> + <ul>
>> + <li>
>> + <p>
>> + A priority-50 logical flow is added for each logical router
>> port
>> + configured with IPv6 ND RA options which matches IPv6 ND RA
>> + packets and <code>reg0[5] == 1</code> and responds back to the
>> + <code>inport</code> after applying these actions.
>> + If <code>reg0[5]</code> is set to 1, it means that the action
>> + <code>put_nd_ra_opts</code> was successful.
>> + </p>
>> +
>> + <pre>
>> +eth.src = <var>E</var>;
>> +ip6.src = <var>I</var>;
>> +outport = <var>P</var>;
>> +flags.loopback = 1;
>> +output;
>> + </pre>
>> +
>> + <p>
>> + where <var>E</var> is the MAC address and <var>I</var> is the
>> IPv6
>> + link local address of the logical router port.
>> + </p>
>> +
>> + <p>
>> + (This terminates packet processing in ingress pipeline; the
>> packet
>> + does not go to the next ingress table.)
>> + </p>
>> + </li>
>> +
>> + <li>
>> + A priority-0 logical flow with match <code>1</code> has actions
>> + <code>next;</code>.
>> + </li>
>> + </ul>
>> +
>> + <h3>Ingress Table 7: IP Routing</h3>
>>
>> <p>
>> A packet that arrives at this table is an IP packet that should be
>> @@ -1675,7 +1748,7 @@ next;
>> </li>
>> </ul>
>>
>> - <h3>Ingress Table 6: ARP/ND Resolution</h3>
>> + <h3>Ingress Table 8: ARP/ND Resolution</h3>
>>
>> <p>
>> Any packet that reaches this table is an IP packet whose next-hop
>> @@ -1768,7 +1841,7 @@ next;
>> </li>
>> </ul>
>>
>> - <h3>Ingress Table 7: Gateway Redirect</h3>
>> + <h3>Ingress Table 9: Gateway Redirect</h3>
>>
>> <p>
>> For distributed logical routers where one of the logical router
>> @@ -1825,7 +1898,7 @@ next;
>> </li>
>> </ul>
>>
>> - <h3>Ingress Table 8: ARP Request</h3>
>> + <h3>Ingress Table 10: ARP Request</h3>
>>
>> <p>
>> In the common case where the Ethernet destination has been
>> resolved, this
>> diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
>> index 2d7c2d86e..5e36eb9b1 100644
>> --- a/ovn/northd/ovn-northd.c
>> +++ b/ovn/northd/ovn-northd.c
>> @@ -128,15 +128,17 @@ enum ovn_stage {
>> PIPELINE_STAGE(SWITCH, OUT, PORT_SEC_L2, 8, "ls_out_port_sec_l2")
>> \
>> \
>> /* Logical router ingress stages. */ \
>> - PIPELINE_STAGE(ROUTER, IN, ADMISSION, 0, "lr_in_admission") \
>> - PIPELINE_STAGE(ROUTER, IN, IP_INPUT, 1, "lr_in_ip_input") \
>> - PIPELINE_STAGE(ROUTER, IN, DEFRAG, 2, "lr_in_defrag") \
>> - PIPELINE_STAGE(ROUTER, IN, UNSNAT, 3, "lr_in_unsnat") \
>> - PIPELINE_STAGE(ROUTER, IN, DNAT, 4, "lr_in_dnat") \
>> - PIPELINE_STAGE(ROUTER, IN, IP_ROUTING, 5, "lr_in_ip_routing") \
>> - PIPELINE_STAGE(ROUTER, IN, ARP_RESOLVE, 6, "lr_in_arp_resolve") \
>> - PIPELINE_STAGE(ROUTER, IN, GW_REDIRECT, 7, "lr_in_gw_redirect") \
>> - PIPELINE_STAGE(ROUTER, IN, ARP_REQUEST, 8, "lr_in_arp_request") \
>> + PIPELINE_STAGE(ROUTER, IN, ADMISSION, 0, "lr_in_admission")
>> \
>> + PIPELINE_STAGE(ROUTER, IN, IP_INPUT, 1, "lr_in_ip_input")
>> \
>> + PIPELINE_STAGE(ROUTER, IN, DEFRAG, 2, "lr_in_defrag")
>> \
>> + PIPELINE_STAGE(ROUTER, IN, UNSNAT, 3, "lr_in_unsnat")
>> \
>> + PIPELINE_STAGE(ROUTER, IN, DNAT, 4, "lr_in_dnat")
>> \
>> + PIPELINE_STAGE(ROUTER, IN, ND_RA_OPTIONS, 5,
>> "lr_in_nd_ra_options") \
>> + PIPELINE_STAGE(ROUTER, IN, ND_RA_RESPONSE, 6,
>> "lr_in_nd_ra_response") \
>> + PIPELINE_STAGE(ROUTER, IN, IP_ROUTING, 7, "lr_in_ip_routing")
>> \
>> + PIPELINE_STAGE(ROUTER, IN, ARP_RESOLVE, 8, "lr_in_arp_resolve")
>> \
>> + PIPELINE_STAGE(ROUTER, IN, GW_REDIRECT, 9, "lr_in_gw_redirect")
>> \
>> + PIPELINE_STAGE(ROUTER, IN, ARP_REQUEST, 10,
>> "lr_in_arp_request") \
>> \
>> /* Logical router egress stages. */ \
>> PIPELINE_STAGE(ROUTER, OUT, UNDNAT, 0, "lr_out_undnat") \
>> @@ -158,11 +160,12 @@ enum ovn_stage {
>> #define OVN_ACL_PRI_OFFSET 1000
>>
>> /* Register definitions specific to switches. */
>> -#define REGBIT_CONNTRACK_DEFRAG "reg0[0]"
>> -#define REGBIT_CONNTRACK_COMMIT "reg0[1]"
>> -#define REGBIT_CONNTRACK_NAT "reg0[2]"
>> -#define REGBIT_DHCP_OPTS_RESULT "reg0[3]"
>> +#define REGBIT_CONNTRACK_DEFRAG "reg0[0]"
>> +#define REGBIT_CONNTRACK_COMMIT "reg0[1]"
>> +#define REGBIT_CONNTRACK_NAT "reg0[2]"
>> +#define REGBIT_DHCP_OPTS_RESULT "reg0[3]"
>> #define REGBIT_DNS_LOOKUP_RESULT "reg0[4]"
>> +#define REGBIT_ND_RA_OPTS_RESULT "reg0[5]"
>>
>> /* Register definitions for switches and routers. */
>> #define REGBIT_NAT_REDIRECT "reg9[0]"
>> @@ -2634,7 +2637,11 @@ build_pre_acls(struct ovn_datapath *od, struct
>> hmap *lflows)
>> *
>> * Not to do conntrack on ND packets. */
>> ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110, "nd",
>> "next;");
>> + ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110, "(nd_rs ||
>> nd_ra)",
>> + "next;");
>> ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 110, "nd",
>> "next;");
>> + ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 110,
>> + "(nd_rs || nd_ra)", "next;");
>>
>> /* Ingress and Egress Pre-ACL Table (Priority 100).
>> *
>> @@ -5030,7 +5037,95 @@ build_lrouter_flows(struct hmap *datapaths, struct
>> hmap *ports,
>> sset_destroy(&all_ips);
>> }
>>
>> - /* Logical router ingress table 5: IP Routing.
>> + /* Logical router ingress table 5 and 6: IPv6 Router Adv (RA)
>> options and
>> + * response. */
>> + HMAP_FOR_EACH (op, key_node, ports) {
>> + if (!op->nbrp || op->nbrp->peer || !op->peer) {
>> + continue;
>> + }
>> +
>> + if (!op->lrp_networks.n_ipv6_addrs) {
>> + continue;
>> + }
>> +
>> + const char *address_mode = smap_get(
>> + &op->nbrp->ipv6_ra_configs, "address_mode");
>> +
>> + if (!address_mode || (strcmp(address_mode, "slaac") &&
>> + strcmp(address_mode, "dhcpv6_stateful") &&
>> + strcmp(address_mode, "dhcpv6_stateless")))
>> {
>> + continue;
>>
> Would it be worth to log a rate limited warning?
>
Thanks for the review Miguel. I have addressed this comment, rebased the
patch series to resolve the merge conflicts and submitted the v4.
Numan
>
>
>
>> + }
>> +
>> + ds_clear(&match);
>> + ds_put_format(&match, "inport == %s && ip6.dst == ff02::2 &&
>> nd_rs",
>> + op->json_key);
>> + ds_clear(&actions);
>> +
>> + const char *mtu_s = smap_get(
>> + &op->nbrp->ipv6_ra_configs, "mtu");
>> +
>> + uint32_t mtu = (mtu_s && atoi(mtu_s) >= 1280) ? atoi(mtu_s) : 0;
>> +
>> + ds_put_format(&actions, REGBIT_ND_RA_OPTS_RESULT" =
>> put_nd_ra_opts("
>> + "addr_mode = \"%s\", slla = %s",
>> + address_mode, op->lrp_networks.ea_s);
>> + if (mtu > 0) {
>> + ds_put_format(&actions, ", mtu = %u", mtu);
>> + }
>> +
>> + bool add_rs_response_flow = false;
>> +
>> + for (size_t i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
>> + if (in6_is_lla(&op->lrp_networks.ipv6_addrs[i].network)) {
>> + continue;
>> + }
>> +
>> + /* Add the prefix option if the address mode is slaac or
>> + * dhcpv6_stateless. */
>> + if (strcmp(address_mode, "dhcpv6_stateful")) {
>> + ds_put_format(&actions, ", prefix = %s/%u",
>> + op->lrp_networks.ipv6_addrs[i].network_s,
>> + op->lrp_networks.ipv6_addrs[i].plen);
>> + }
>> + add_rs_response_flow = true;
>> + }
>> +
>> + if (add_rs_response_flow) {
>> + ds_put_cstr(&actions, "); next;");
>> + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ND_RA_OPTIONS, 50,
>> + ds_cstr(&match), ds_cstr(&actions));
>> + ds_clear(&actions);
>> + ds_clear(&match);
>> + ds_put_format(&match, "inport == %s && ip6.src == ff02::2 &&
>> "
>> + "nd_ra && "REGBIT_ND_RA_OPTS_RESULT,
>> op->json_key);
>> +
>> + char ip6_str[INET6_ADDRSTRLEN + 1];
>> + struct in6_addr lla;
>> + in6_generate_lla(op->lrp_networks.ea, &lla);
>> + memset(ip6_str, 0, sizeof(ip6_str));
>> + ipv6_string_mapped(ip6_str, &lla);
>> + ds_put_format(&actions, "eth.src = %s; ip6.src = %s; "
>> + "outport = inport; flags.loopback = 1; "
>> + "output;",
>> + op->lrp_networks.ea_s, ip6_str);
>> + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ND_RA_RESPONSE, 50,
>> + ds_cstr(&match), ds_cstr(&actions));
>> + }
>> + }
>> +
>> + /* Logical router ingress table 5, 6: RS responder, by default goto
>> next.
>> + * (priority 0)*/
>> + HMAP_FOR_EACH (od, key_node, datapaths) {
>> + if (!od->nbr) {
>> + continue;
>> + }
>> +
>> + ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_OPTIONS, 0, "1",
>> "next;");
>> + ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_RESPONSE, 0, "1",
>> "next;");
>> + }
>> +
>> + /* Logical router ingress table 7: IP Routing.
>> *
>> * A packet that arrives at this table is an IP packet that should be
>> * routed to the address in 'ip[46].dst'. This table sets outport to
>> @@ -5072,7 +5167,7 @@ build_lrouter_flows(struct hmap *datapaths, struct
>> hmap *ports,
>>
>> /* XXX destination unreachable */
>>
>> - /* Local router ingress table 6: ARP Resolution.
>> + /* Local router ingress table 8: ARP Resolution.
>> *
>> * Any packet that reaches this table is an IP packet whose next-hop
>> IP
>> * address is in reg0. (ip4.dst is the final destination.) This table
>> @@ -5267,7 +5362,7 @@ build_lrouter_flows(struct hmap *datapaths, struct
>> hmap *ports,
>> "get_nd(outport, xxreg0); next;");
>> }
>>
>> - /* Logical router ingress table 7: Gateway redirect.
>> + /* Logical router ingress table 9: Gateway redirect.
>> *
>> * For traffic with outport equal to the l3dgw_port
>> * on a distributed router, this table redirects a subset
>> @@ -5307,7 +5402,7 @@ build_lrouter_flows(struct hmap *datapaths, struct
>> hmap *ports,
>> ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 0, "1",
>> "next;");
>> }
>>
>> - /* Local router ingress table 8: ARP request.
>> + /* Local router ingress table 10: ARP request.
>> *
>> * In the common case where the Ethernet destination has been
>> resolved,
>> * this table outputs the packet (priority 0). Otherwise, it
>> composes
>> diff --git a/ovn/ovn-nb.ovsschema b/ovn/ovn-nb.ovsschema
>> index c6a1417ff..a15a24c27 100644
>> --- a/ovn/ovn-nb.ovsschema
>> +++ b/ovn/ovn-nb.ovsschema
>> @@ -1,7 +1,7 @@
>> {
>> "name": "OVN_Northbound",
>> - "version": "5.6.0",
>> - "cksum": "2552205612 15123",
>> + "version": "5.6.1",
>> + "cksum": "3970773262 15286",
>> "tables": {
>> "NB_Global": {
>> "columns": {
>> @@ -207,6 +207,9 @@
>> "mac": {"type": "string"},
>> "peer": {"type": {"key": "string", "min": 0, "max": 1}},
>> "enabled": {"type": {"key": "boolean", "min": 0, "max":
>> 1}},
>> + "ipv6_ra_configs": {
>> + "type": {"key": "string", "value": "string",
>> + "min": 0, "max": "unlimited"}},
>> "external_ids": {
>> "type": {"key": "string", "value": "string",
>> "min": 0, "max": "unlimited"}}},
>> diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
>> index 32c10c147..c9ed80cce 100644
>> --- a/ovn/ovn-nb.xml
>> +++ b/ovn/ovn-nb.xml
>> @@ -1276,6 +1276,45 @@
>> port has all ingress and egress traffic dropped.
>> </column>
>>
>> + <group title="ipv6_ra_configs">
>> + <p>
>> + This column defines the IPv6 ND RA address mode and ND MTU
>> Option to be
>> + included by <code>ovn-controller</code> when it replies to the
>> IPv6
>> + Router solicitation requests.
>> + </p>
>> +
>> + <column name="ipv6_ra_configs" key="address_mode">
>> + The address mode to be used for IPv6 address configuration.
>> + The supported values are:
>> + <ul>
>> + <li>
>> + <code>slaac</code>: Address configuration using Router
>> + Advertisement (RA) packet. The IPv6 prefixes defined in the
>> + <ref table="Logical_Router_Port"/> table's
>> + <ref table="Logical_Router_Port" column="networks"/> column
>> will
>> + be included in the RA's ICMPv6 option - Prefix information.
>> + </li>
>> +
>> + <li>
>> + <code>dhcpv6_stateful</code>: Address configuration using
>> DHCPv6.
>> + </li>
>> +
>> + <li>
>> + <code>dhcpv6_stateless</code>: Address configuration using
>> Router
>> + Advertisement (RA) packet. Other IPv6 options are provided by
>> + DHCPv6.
>> + </li>
>> + </ul>
>> + </column>
>> +
>> + <column name="ipv6_ra_configs" key="mtu">
>> + The recommended MTU for the link. Default is 0, which means no
>> MTU
>> + Option will be included in RA packet replied by ovn-controller.
>> + Per RFC 2460, the mtu value is recommended no less than 1280, so
>> + any mtu value less than 1280 will be considered as no MTU Option.
>> + </column>
>> + </group>
>> +
>> <group title="Options">
>> <p>
>> Additional options for the logical router port.
>> diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
>> index 824ff123a..43bcf380e 100644
>> --- a/ovn/ovn-sb.xml
>> +++ b/ovn/ovn-sb.xml
>> @@ -908,6 +908,10 @@
>> <li><code>nd</code> expands to <code>icmp6.type == {135, 136}
>> && icmp6.code == 0 && ip.ttl == 255</code></li>
>> <li><code>nd_ns</code> expands to <code>icmp6.type == 135
>> && icmp6.code == 0 && ip.ttl == 255</code></li>
>> <li><code>nd_na</code> expands to <code>icmp6.type == 136
>> && icmp6.code == 0 && ip.ttl == 255</code></li>
>> + <li><code>nd_rs</code> expands to <code>icmp6.type == 133
>> &&
>> + icmp6.code == 0 && ip.ttl == 255</code></li>
>> + <li><code>nd_ra</code> expands to <code>icmp6.type == 134
>> &&
>> + icmp6.code == 0 && ip.ttl == 255</code></li>
>> <li><code>tcp</code> expands to <code>ip.proto == 6</code></li>
>> <li><code>udp</code> expands to <code>ip.proto == 17</code></li>
>> <li><code>sctp</code> expands to <code>ip.proto ==
>> 132</code></li>
>> diff --git a/tests/ovn.at b/tests/ovn.at
>> index 8add532d7..f39481d5a 100644
>> --- a/tests/ovn.at
>> +++ b/tests/ovn.at
>> @@ -7306,6 +7306,243 @@ OVN_CLEANUP([hv1],[hv2],[hv3])
>>
>> AT_CLEANUP
>>
>> +AT_SETUP([ovn -- IPv6 ND Router Solicitation responder])
>> +AT_KEYWORDS([ovn-nd_ra])
>> +AT_SKIP_IF([test $HAVE_PYTHON = no])
>> +ovn_start
>> +
>> +# In this test case we create 1 lswitch with 3 VIF ports attached,
>> +# and a lrouter connected to the lswitch.
>> +# We generate the Router solicitation packet and verify the Router
>> Advertisement
>> +# reply packet from the ovn-controller.
>> +
>> +# Create hypervisor and logical switch lsw0, logical router lr0, attach
>> lsw0
>> +# onto lr0, set Logical_Router_Port.ipv6_ra_configs:address_mode column
>> to
>> +# 'slaac' to allow lrp0 send RA for SLAAC mode.
>> +ovn-nbctl ls-add lsw0
>> +ovn-nbctl lr-add lr0
>> +ovn-nbctl lrp-add lr0 lrp0 fa:16:3e:00:00:01 fdad:1234:5678::1/64
>> +ovn-nbctl set Logical_Router_Port lrp0 ipv6_ra_configs:address_mode="
>> slaac"
>> +ovn-nbctl \
>> + -- lsp-add lsw0 lsp0 \
>> + -- set Logical_Switch_Port lsp0 type=router \
>> + options:router-port=lrp0 \
>> + addresses='"fa:16:3e:00:00:01 fdad:1234:5678::1"'
>> +net_add n1
>> +sim_add hv1
>> +as hv1
>> +ovs-vsctl add-br br-phys
>> +ovn_attach n1 br-phys 192.168.0.2
>> +
>> +ovn-nbctl lsp-add lsw0 lp1
>> +ovn-nbctl lsp-set-addresses lp1 "fa:16:3e:00:00:02 10.0.0.12
>> fdad:1234:5678:0:f816:3eff:fe:2"
>> +ovn-nbctl lsp-set-port-security lp1 "fa:16:3e:00:00:02 10.0.0.12
>> fdad:1234:5678:0:f816:3eff:fe:2"
>> +
>> +ovn-nbctl lsp-add lsw0 lp2
>> +ovn-nbctl lsp-set-addresses lp2 "fa:16:3e:00:00:03 10.0.0.13
>> fdad:1234:5678:0:f816:3eff:fe:3"
>> +ovn-nbctl lsp-set-port-security lp2 "fa:16:3e:00:00:03 10.0.0.13
>> fdad:1234:5678:0:f816:3eff:fe:3"
>> +
>> +ovn-nbctl lsp-add lsw0 lp3
>> +ovn-nbctl lsp-set-addresses lp3 "fa:16:3e:00:00:04 10.0.0.14
>> fdad:1234:5678:0:f816:3eff:fe:4"
>> +ovn-nbctl lsp-set-port-security lp3 "fa:16:3e:00:00:04 10.0.0.14
>> fdad:1234:5678:0:f816:3eff:fe:4"
>> +
>> +# Add ACL rule for ICMPv6 on lsw0
>> +ovn-nbctl acl-add lsw0 from-lport 1002 'ip6 && icmp6' allow-related
>> +ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp1" && ip6 && icmp6'
>> allow-related
>> +ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp2" && ip6 && icmp6'
>> allow-related
>> +ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp3" && ip6 && icmp6'
>> allow-related
>> +
>> +ovs-vsctl -- add-port br-int hv1-vif1 -- \
>> + set interface hv1-vif1 external-ids:iface-id=lp1 \
>> + options:tx_pcap=hv1/vif1-tx.pcap \
>> + options:rxq_pcap=hv1/vif1-rx.pcap \
>> + ofport-request=1
>> +
>> +ovs-vsctl -- add-port br-int hv1-vif2 -- \
>> + set interface hv1-vif2 external-ids:iface-id=lp2 \
>> + options:tx_pcap=hv1/vif2-tx.pcap \
>> + options:rxq_pcap=hv1/vif2-rx.pcap \
>> + ofport-request=2
>> +
>> +ovs-vsctl -- add-port br-int hv1-vif3 -- \
>> + set interface hv1-vif3 external-ids:iface-id=lp3 \
>> + options:tx_pcap=hv1/vif3-tx.pcap \
>> + options:rxq_pcap=hv1/vif3-rx.pcap \
>> + ofport-request=3
>> +
>> +# Allow some time for ovn-northd and ovn-controller to catch up.
>> +# XXX This should be more systematic.
>> +sleep 1
>> +
>> +reset_pcap_file() {
>> + local iface=$1
>> + local pcap_file=$2
>> + ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
>> +options:rxq_pcap=dummy-rx.pcap
>> + rm -f ${pcap_file}*.pcap
>> + ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap
>> \
>> +options:rxq_pcap=${pcap_file}-rx.pcap
>> +}
>> +
>> +# This shell function sends a Router Solicitation packet.
>> +# test_ipv6_ra INPORT SRC_MAC SRC_LLA ADDR_MODE MTU RA_PREFIX_OPT
>> +test_ipv6_ra() {
>> + local inport=$1 src_mac=$2 src_lla=$3 addr_mode=$4 mtu=$5
>> prefix_opt=$6
>> + local request=333300000002${src_mac}86dd6000000000103aff${src_lla}
>> ff02000000000000000000000000000285000efc000000000101${src_mac}
>> +
>> + local len=24
>> + local mtu_opt=""
>> + if test $mtu != 0; then
>> + len=`expr $len + 8`
>> + mtu_opt=05010000${mtu}
>> + fi
>> +
>> + if test ${#prefix_opt} != 0; then
>> + prefix_opt=${prefix_opt}fdad1234567800000000000000000000
>> + len=`expr $len + ${#prefix_opt} / 2`
>> + fi
>> +
>> + len=$(printf "%x" $len)
>> + local lrp_mac=fa163e000001
>> + local lrp_lla=fe80000000000000f8163efffe000001
>> + local reply=${src_mac}${lrp_mac}86dd6000000000${len}3aff${lrp_lla}
>> ${src_lla}8600XXXXff${addr_mode}ffff00000000000000000101$
>> {lrp_mac}${mtu_opt}${prefix_opt}
>> + echo $reply >> $inport.expected
>> +
>> + as hv1 ovs-appctl netdev-dummy/receive hv1-vif${inport} $request
>> +}
>> +
>> +AT_CAPTURE_FILE([ofctl_monitor0.log])
>> +as hv1 ovs-ofctl monitor br-int resume --detach --no-chdir \
>> +--pidfile=ovs-ofctl0.pid 2> ofctl_monitor0.log
>> +
>> +# MTU is not set and the address mode is set to slaac
>> +addr_mode=00
>> +default_prefix_option_config=030440c0ffffffffffffffff00000000
>> +src_mac=fa163e000002
>> +src_lla=fe80000000000000f8163efffe000002
>> +test_ipv6_ra 1 $src_mac $src_lla $addr_mode 0
>> $default_prefix_option_config
>> +
>> +# NXT_RESUME should be 1.
>> +OVS_WAIT_UNTIL([test 1 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
>> +
>> +$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap >
>> 1.packets
>> +
>> +cat 1.expected | cut -c -112 > expout
>> +AT_CHECK([cat 1.packets | cut -c -112], [0], [expout])
>> +
>> +# Skipping the ICMPv6 checksum.
>> +cat 1.expected | cut -c 117- > expout
>> +AT_CHECK([cat 1.packets | cut -c 117-], [0], [expout])
>> +
>> +rm -f *.expected
>> +reset_pcap_file hv1-vif1 hv1/vif1
>> +reset_pcap_file hv1-vif2 hv1/vif2
>> +reset_pcap_file hv1-vif3 hv1/vif3
>> +
>> +# Set the MTU to 1500
>> +ovn-nbctl --wait=hv set Logical_Router_Port lrp0 ipv6_ra_configs:mtu=1500
>> +
>> +addr_mode=00
>> +default_prefix_option_config=030440c0ffffffffffffffff00000000
>> +src_mac=fa163e000003
>> +src_lla=fe80000000000000f8163efffe000003
>> +mtu=000005dc
>> +
>> +test_ipv6_ra 2 $src_mac $src_lla $addr_mode $mtu
>> $default_prefix_option_config
>> +
>> +# NXT_RESUME should be 2.
>> +OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
>> +
>> +$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap >
>> 2.packets
>> +
>> +cat 2.expected | cut -c -112 > expout
>> +AT_CHECK([cat 2.packets | cut -c -112], [0], [expout])
>> +
>> +# Skipping the ICMPv6 checksum.
>> +cat 2.expected | cut -c 117- > expout
>> +AT_CHECK([cat 2.packets | cut -c 117-], [0], [expout])
>> +
>> +rm -f *.expected
>> +reset_pcap_file hv1-vif1 hv1/vif1
>> +reset_pcap_file hv1-vif2 hv1/vif2
>> +reset_pcap_file hv1-vif3 hv1/vif3
>> +
>> +# Set the address mode to dhcpv6_stateful
>> +ovn-nbctl --wait=hv set Logical_Router_Port lrp0
>> ipv6_ra_configs:address_mode=dhcpv6_stateful
>> +
>> +addr_mode=80
>> +default_prefix_option_config=""
>> +src_mac=fa163e000004
>> +src_lla=fe80000000000000f8163efffe000004
>> +mtu=000005dc
>> +
>> +test_ipv6_ra 3 $src_mac $src_lla $addr_mode $mtu
>> $default_prefix_option_config
>> +
>> +# NXT_RESUME should be 3.
>> +OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
>> +
>> +$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif3-tx.pcap >
>> 3.packets
>> +
>> +cat 3.expected | cut -c -112 > expout
>> +AT_CHECK([cat 3.packets | cut -c -112], [0], [expout])
>> +
>> +# Skipping the ICMPv6 checksum.
>> +cat 3.expected | cut -c 117- > expout
>> +AT_CHECK([cat 3.packets | cut -c 117-], [0], [expout])
>> +
>> +rm -f *.expected
>> +reset_pcap_file hv1-vif1 hv1/vif1
>> +reset_pcap_file hv1-vif2 hv1/vif2
>> +reset_pcap_file hv1-vif3 hv1/vif3
>> +
>> +# Set the address mode to dhcpv6_stateless
>> +ovn-nbctl --wait=hv set Logical_Router_Port lrp0
>> ipv6_ra_configs:address_mode=dhcpv6_stateless
>> +
>> +addr_mode=40
>> +default_prefix_option_config=030440c0ffffffffffffffff00000000
>> +src_mac=fa163e000002
>> +src_lla=fe80000000000000f8163efffe000002
>> +mtu=000005dc
>> +
>> +test_ipv6_ra 1 $src_mac $src_lla $addr_mode $mtu
>> $default_prefix_option_config
>> +
>> +# NXT_RESUME should be 4.
>> +OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
>> +
>> +$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap >
>> 1.packets
>> +
>> +cat 1.expected | cut -c -112 > expout
>> +AT_CHECK([cat 1.packets | cut -c -112], [0], [expout])
>> +
>> +# Skipping the ICMPv6 checksum.
>> +cat 1.expected | cut -c 117- > expout
>> +AT_CHECK([cat 1.packets | cut -c 117-], [0], [expout])
>> +
>> +rm -f *.expected
>> +reset_pcap_file hv1-vif1 hv1/vif1
>> +reset_pcap_file hv1-vif2 hv1/vif2
>> +reset_pcap_file hv1-vif3 hv1/vif3
>> +
>> +# Set the address mode to invalid.
>> +ovn-nbctl --wait=hv set Logical_Router_Port lrp0
>> ipv6_ra_configs:address_mode=invalid
>> +
>> +addr_mode=40
>> +default_prefix_option_config=""
>> +src_mac=fa163e000002
>> +src_lla=fe80000000000000f8163efffe000002
>> +mtu=000005dc
>> +
>> +test_ipv6_ra 1 $src_mac $src_lla $addr_mode $mtu
>> $default_prefix_option_config
>> +
>> +# NXT_RESUME should be 4 only.
>> +OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
>> +
>> +$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap >
>> 1.packets
>> +AT_CHECK([cat 1.packets], [0], [])
>> +
>> +OVN_CLEANUP([hv1])
>> +AT_CLEANUP
>> +
>> AT_SETUP([ovn -- /32 router IP address])
>> AT_SKIP_IF([test $HAVE_PYTHON = no])
>> ovn_start
>> --
>> 2.13.0
>>
>> _______________________________________________
>> dev mailing list
>> d...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>>
>
>
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
