When adding a route with ovs/route/add command, the source address
in "ovs_router_entry" structure is always the FIRST address that the
interface has. See "ovs_router_get_netdev_source_address"
function for more information.
If an interface has multiple ipv4 and/or ipv6 addresses, there are use
cases where the user wants to control the source address. This patch
therefore addresses this issue by adding a src parameter.
Note that same constraints also exist when caching routes from
Kernel FIB with Netlink, but are not dealt with in this patch.
Signed-off-by: Nobuhiro MIKI <nm...@yahoo-corp.jp>
---
NEWS | 3 +
lib/ovs-router.c | 134 ++++++++++++++++++++++++--------
ofproto/ofproto-tnl-unixctl.man | 9 ++-
tests/ovs-router.at | 78 +++++++++++++++++++
4 files changed, 188 insertions(+), 36 deletions(-)
diff --git a/NEWS b/NEWS
index fe6055a2700b..9d98e1573e3b 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ Post-v3.1.0
* OVS now collects per-interface upcall statistics that can be obtained
via 'ovs-appctl dpctl/show -s' or the interface's statistics column
in OVSDB. Available with upstream kernel 6.2+.
+ - ovs-appctl:
+ * Add support for selecting the source address with the
+ “ovs-appctl ovs/route/add" command.
v3.1.0 - xx xxx xxxx
diff --git a/lib/ovs-router.c b/lib/ovs-router.c
index 5d0fbd503e9e..8f2587444034 100644
--- a/lib/ovs-router.c
+++ b/lib/ovs-router.c
@@ -164,6 +164,47 @@ static void rt_init_match(struct match *match, uint32_t
mark,
match->flow.pkt_mark = mark;
}
+static int
+verify_prefsrc(const struct in6_addr *ip6_dst,
+ const char output_bridge[],
+ struct in6_addr *prefsrc)
+{
+ struct in6_addr *mask, *addr6;
+ int err, n_in6, i;
+ struct netdev *dev;
+
+ err = netdev_open(output_bridge, NULL, &dev);
+ if (err) {
+ return err;
+ }
+
+ err = netdev_get_addr_list(dev, &addr6, &mask, &n_in6);
+ if (err) {
+ goto out;
+ }
+
+ err = ENOENT;
+ for (i = 0; i < n_in6; i++) {
+ struct in6_addr a1, a2;
+ a1 = ipv6_addr_bitand(ip6_dst, &mask[i]);
+ a2 = ipv6_addr_bitand(prefsrc, &mask[i]);
+
+ /* Check that the intarface has "prefsrc" and
+ * it is same broadcast domain with "ip6_dst". */
+ if (IN6_ARE_ADDR_EQUAL(prefsrc, &addr6[i]) &&
+ IN6_ARE_ADDR_EQUAL(&a1, &a2)) {
+ err = 0;
+ goto out;
+ }
+ }
+
+out:
+ free(addr6);
+ free(mask);
+ netdev_close(dev);
+ return err;
+}
+
int
ovs_router_get_netdev_source_address(const struct in6_addr *ip6_dst,
const char output_bridge[],
@@ -217,7 +258,8 @@ static int
ovs_router_insert__(uint32_t mark, uint8_t priority, bool local,
const struct in6_addr *ip6_dst,
uint8_t plen, const char output_bridge[],
- const struct in6_addr *gw)
+ const struct in6_addr *gw,
+ const struct in6_addr *ip6_src)
{
const struct cls_rule *cr;
struct ovs_router_entry *p;
@@ -236,11 +278,21 @@ ovs_router_insert__(uint32_t mark, uint8_t priority, bool
local,
p->plen = plen;
p->local = local;
p->priority = priority;
- err = ovs_router_get_netdev_source_address(ip6_dst, output_bridge,
- &p->src_addr);
- if (err && ipv6_addr_is_set(gw)) {
- err = ovs_router_get_netdev_source_address(gw, output_bridge,
+
+ if (ipv6_addr_is_set(ip6_src)) {
+ p->src_addr = *ip6_src;
+
+ err = verify_prefsrc(ip6_dst, output_bridge, &p->src_addr);
+ if (err && ipv6_addr_is_set(gw)) {
+ err = verify_prefsrc(gw, output_bridge, &p->src_addr);
+ }
+ } else {
+ err = ovs_router_get_netdev_source_address(ip6_dst, output_bridge,
&p->src_addr);
+ if (err && ipv6_addr_is_set(gw)) {
+ err = ovs_router_get_netdev_source_address(gw, output_bridge,
+ &p->src_addr);
+ }
}
if (err) {
struct ds ds = DS_EMPTY_INITIALIZER;
@@ -274,7 +326,8 @@ ovs_router_insert(uint32_t mark, const struct in6_addr
*ip_dst, uint8_t plen,
{
if (use_system_routing_table) {
uint8_t priority = local ? plen + 64 : plen;
- ovs_router_insert__(mark, priority, local, ip_dst, plen,
output_bridge, gw);
+ ovs_router_insert__(mark, priority, local, ip_dst, plen,
+ output_bridge, gw, &in6addr_any);
}
}
@@ -342,47 +395,64 @@ ovs_router_add(struct unixctl_conn *conn, int argc,
const char *argv[], void *aux OVS_UNUSED)
{
struct in6_addr gw6 = in6addr_any;
+ struct in6_addr src6 = in6addr_any;
struct in6_addr ip6;
uint32_t mark = 0;
unsigned int plen;
+ ovs_be32 gw = 0;
+ ovs_be32 src = 0;
ovs_be32 ip;
int err;
+ bool is_ipv6 = false;
+ char src6_s[IPV6_SCAN_LEN + 1];
+ int i;
if (scan_ipv4_route(argv[1], &ip, &plen)) {
- ovs_be32 gw = 0;
-
- if (argc > 3) {
- if (!ovs_scan(argv[3], "pkt_mark=%"SCNi32, &mark) &&
- !ip_parse(argv[3], &gw)) {
- unixctl_command_reply_error(conn, "Invalid pkt_mark or
gateway");
- return;
- }
- }
in6_addr_set_mapped_ipv4(&ip6, ip);
- if (gw) {
- in6_addr_set_mapped_ipv4(&gw6, gw);
- }
plen += 96;
} else if (scan_ipv6_route(argv[1], &ip6, &plen)) {
- if (argc > 3) {
- if (!ovs_scan(argv[3], "pkt_mark=%"SCNi32, &mark) &&
- !ipv6_parse(argv[3], &gw6)) {
- unixctl_command_reply_error(conn, "Invalid pkt_mark or IPv6
gateway");
- return;
- }
- }
+ is_ipv6 = true;
} else {
unixctl_command_reply_error(conn, "Invalid parameters");
return;
}
- if (argc > 4) {
- if (!ovs_scan(argv[4], "pkt_mark=%"SCNi32, &mark)) {
- unixctl_command_reply_error(conn, "Invalid pkt_mark");
- return;
+
+ /* Parse optional parameters. */
+ for (i = 3; i < argc; i++) {
+ if (ovs_scan(argv[i], "pkt_mark=%"SCNi32, &mark)) {
+ continue;
}
+
+ if (is_ipv6) {
+ if (ovs_scan(argv[i], "src="IPV6_SCAN_FMT, src6_s) &&
+ ipv6_parse(src6_s, &src6)) {
+ continue;
+ }
+ if (ipv6_parse(argv[i], &gw6)) {
+ continue;
+ }
+ } else {
+ if (ovs_scan(argv[i], "src="IP_SCAN_FMT, IP_SCAN_ARGS(&src))) {
+ continue;
+ }
+ if (ip_parse(argv[i], &gw)) {
+ continue;
+ }
+ }
+
+ unixctl_command_reply_error(conn, "Invalid parameters");
+ return;
}
- err = ovs_router_insert__(mark, plen + 32, false, &ip6, plen, argv[2],
&gw6);
+ if (gw) {
+ in6_addr_set_mapped_ipv4(&gw6, gw);
+ }
+ if (src) {
+ in6_addr_set_mapped_ipv4(&src6, src);
+ }
+
+ err = ovs_router_insert__(mark, plen + 32, false, &ip6, plen, argv[2],
+ &gw6, &src6);
if (err) {
unixctl_command_reply_error(conn, "Error while inserting route.");
} else {
@@ -533,8 +603,8 @@ ovs_router_init(void)
classifier_init(&cls, NULL);
unixctl_command_register("ovs/route/add",
"ip_addr/prefix_len out_br_name [gw] "
- "[pkt_mark=mark]",
- 2, 4, ovs_router_add, NULL);
+ "[pkt_mark=mark] [src=src_ip_addr]",
+ 2, 5, ovs_router_add, NULL);
unixctl_command_register("ovs/route/show", "", 0, 0,
ovs_router_show, NULL);
unixctl_command_register("ovs/route/del", "ip_addr/prefix_len "
diff --git a/ofproto/ofproto-tnl-unixctl.man b/ofproto/ofproto-tnl-unixctl.man
index 13a465119a90..3d8f8261f3c4 100644
--- a/ofproto/ofproto-tnl-unixctl.man
+++ b/ofproto/ofproto-tnl-unixctl.man
@@ -1,8 +1,9 @@
.SS "OPENVSWITCH TUNNELING COMMANDS"
These commands query and modify OVS tunnel components.
.
-.IP "\fBovs/route/add ipv4_address/plen output_bridge [GW]\fR"
-Adds ipv4_address/plen route to vswitchd routing table. output_bridge
+.IP "\fBovs/route/add \fIip\fB/\fIplen\fB \fIoutput_bridge\fB \
+[\fIgateway\fB] [pkt_mark=\fImark\fB] [src=\fIsrc_ip\fB]\fR"
+Adds \fIip\fR/\fIplen\fR route to vswitchd routing table. \fIoutput_bridge\fR
needs to be OVS bridge name. This command is useful if OVS cached
routes does not look right.
.
@@ -10,8 +11,8 @@ routes does not look right.
Print all routes in OVS routing table, This includes routes cached
from system routing table and user configured routes.
.
-.IP "\fBovs/route/del ipv4_address/plen\fR"
-Delete ipv4_address/plen route from OVS routing table.
+.IP "\fBovs/route/del \fIip\fB/\fIplen\fR"
+Delete \fIip\fR/\fIplen\fR route from OVS routing table.
.
.IP "\fBtnl/neigh/show\fR"
.IP "\fBtnl/arp/show\fR"
diff --git a/tests/ovs-router.at b/tests/ovs-router.at
index 6dacc2954bc6..42f01b6281e9 100644
--- a/tests/ovs-router.at
+++ b/tests/ovs-router.at
@@ -12,6 +12,84 @@ AT_CHECK([ovs-appctl ovs/route/add 1.1.1.0/24 br0 2.2.2.10],
[0], [OK
OVS_VSWITCHD_STOP
AT_CLEANUP
+AT_SETUP([appctl - route/add with src - ipv4])
+AT_KEYWORDS([ovs_router])
+OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=dummy])
+AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 192.168.9.2/24], [0], [OK
+])
+AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 192.168.9.3/24], [0], [OK
+])
+AT_CHECK([ovs-appctl ovs/route/add 192.168.9.11/32 br0 src=192.168.9.3], [0],
[OK
+])
+AT_CHECK([ovs-appctl ovs/route/add 192.168.10.12/32 br0 192.168.9.1
src=192.168.9.3], [0], [OK
+])
+AT_CHECK([ovs-appctl ovs/route/add 192.168.10.13/32 br0 192.168.9.1
pkt_mark=13 src=192.168.9.3], [0], [OK
+])
+AT_CHECK([ovs-appctl ovs/route/add 192.168.10.14/32 br0 192.168.9.1
pkt_mark=14 src=192.168.9.2], [0], [OK
+])
+AT_CHECK([ovs-appctl ovs/route/add 192.168.10.15/32 br0 192.168.9.1
src=foo.bar.9.200], [2], [], [dnl
+Invalid parameters
+ovs-appctl: ovs-vswitchd: server returned an error
+])
+AT_CHECK([ovs-appctl ovs/route/add 192.168.10.16/32 br0 192.168.9.1
src=192.168.9.200], [2], [], [dnl
+Error while inserting route.
+ovs-appctl: ovs-vswitchd: server returned an error
+])
+AT_CHECK([ovs-appctl ovs/route/add 192.168.10.17/32 br0 192.168.11.1
src=192.168.9.3], [2], [], [dnl
+Error while inserting route.
+ovs-appctl: ovs-vswitchd: server returned an error
+])
+AT_CHECK([ovs-appctl ovs/route/add 192.168.10.18/32 br0 src=192.168.9.3], [2],
[], [dnl
+Error while inserting route.
+ovs-appctl: ovs-vswitchd: server returned an error
+])
+AT_CHECK([ovs-appctl ovs/route/show | grep User | grep 192.168.10 | sort],
[0], [dnl
+User: 192.168.10.12/32 dev br0 GW 192.168.9.1 SRC 192.168.9.3
+User: 192.168.10.13/32 MARK 13 dev br0 GW 192.168.9.1 SRC 192.168.9.3
+User: 192.168.10.14/32 MARK 14 dev br0 GW 192.168.9.1 SRC 192.168.9.2
+])
+OVS_VSWITCHD_STOP
+AT_CLEANUP
+
+AT_SETUP([appctl - route/add with src - ipv6])
+AT_KEYWORDS([ovs_router])
+OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=dummy])
+AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:db8:cafe::2/64], [0], [OK
+])
+AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:db8:cafe::3/64], [0], [OK
+])
+AT_CHECK([ovs-appctl ovs/route/add 2001:db8:cafe::11/128 br0
src=2001:db8:cafe::3], [0], [OK
+])
+AT_CHECK([ovs-appctl ovs/route/add 2001:db8:beef::12/128 br0 2001:db8:cafe::1
src=2001:db8:cafe::3], [0], [OK
+])
+AT_CHECK([ovs-appctl ovs/route/add 2001:db8:beef::13/128 br0 2001:db8:cafe::1
pkt_mark=13 src=2001:db8:cafe::3], [0], [OK
+])
+AT_CHECK([ovs-appctl ovs/route/add 2001:db8:beef::14/128 br0 2001:db8:cafe::1
pkt_mark=14 src=2001:db8:cafe::2], [0], [OK
+])
+AT_CHECK([ovs-appctl ovs/route/add 2001:db8:beef::15/128 br0 2001:db8:cafe::1
src=foo:bar:2001:db8:cafe], [2], [], [dnl
+Invalid parameters
+ovs-appctl: ovs-vswitchd: server returned an error
+])
+AT_CHECK([ovs-appctl ovs/route/add 2001:db8:beef::16/128 br0 2001:db8:cafe::1
src=2001:db8:cafe::200], [2], [], [dnl
+Error while inserting route.
+ovs-appctl: ovs-vswitchd: server returned an error
+])
+AT_CHECK([ovs-appctl ovs/route/add 2001:db8:beef::17/128 br0 2001:db8:face::1
src=2001:db8:cafe::3], [2], [], [dnl
+Error while inserting route.
+ovs-appctl: ovs-vswitchd: server returned an error
+])
+AT_CHECK([ovs-appctl ovs/route/add 2001:db8:beef::18/128 br0
src=2001:db8:cafe::3], [2], [], [dnl
+Error while inserting route.
+ovs-appctl: ovs-vswitchd: server returned an error
+])
+AT_CHECK([ovs-appctl ovs/route/show | grep User | grep 2001:db8:beef | sort],
[0], [dnl
+User: 2001:db8:beef::12/128 dev br0 GW 2001:db8:cafe::1 SRC 2001:db8:cafe::3
+User: 2001:db8:beef::13/128 MARK 13 dev br0 GW 2001:db8:cafe::1 SRC
2001:db8:cafe::3
+User: 2001:db8:beef::14/128 MARK 14 dev br0 GW 2001:db8:cafe::1 SRC
2001:db8:cafe::2
+])
+OVS_VSWITCHD_STOP
+AT_CLEANUP
+
AT_SETUP([appctl - route/lookup])
AT_KEYWORDS([ovs_router])
OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=dummy])
--
2.31.1
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
