From: Numan Siddique
This patch adds 2 stages in router pipeline after ARP_RESOLVE
and adds the logical flows to check the packet length and
generate ICMPv4 packet.
* S_ROUTER_IN_CHK_PKT_LEN - Which checks the packet length using
check_pkt_larger OVN action
* S_ROUTER_IN_LARGER_PKTS - Which generates icmp packet with
type 3 (Destination Unreachable),
code 4 (Frag Needed and DF was Set)
icmp4.frag_mtu = gw_mtu
In order to add these logical flows, CMS should set the
option 'gateway_mtu' for the distributed logical router port.
Signed-off-by: Numan Siddique
Acked-by: Mark Michelson
---
ovn/northd/ovn-northd.8.xml | 83 +-
ovn/northd/ovn-northd.c | 92 +++-
tests/ovn.at| 167
3 files changed, 336 insertions(+), 6 deletions(-)
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index 392a5efc9..345023eb4 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -2002,7 +2002,86 @@ next;
-Ingress Table 9: Gateway Redirect
+Ingress Table 9: Check packet length
+
+
+ For distributed logical routers with distributed gateway port configured
+ with options:gateway_mtu to a valid integer value, this
+ table adds a priority-50 logical flow with the match
+ ip4 && outport == GW_PORT where
+ GW_PORT is the distributed gateway router port and applies the
+ action check_pkt_larger and advances the packet to the
+ next table.
+
+
+
+REGBIT_PKT_LARGER = check_pkt_larger(L); next;
+
+
+
+ where L is the packet length to check for. If the packet
+ is larger than L, it stores 1 in the register bit
+ REGBIT_PKT_LARGER. The value of
+ L is taken from column of
+ row.
+
+
+
+ This table adds one priority-0 fallback flow that matches all packets
+ and advances to the next table.
+
+
+Ingress Table 10: Handle larger packets
+
+
+ For distributed logical routers with distributed gateway port configured
+ with options:gateway_mtu to a valid integer value, this
+ table adds the following priority-50 logical flow for each
+ logical router port with the match ip4 &&
+ inport == LRP && outport == GW_PORT
+ && REGBIT_PKT_LARGER, where LRP is the logical
+ router port and GW_PORT is the distributed gateway router port
+ and applies the following action
+
+
+
+icmp4 {
+icmp4.type = 3; /* Destination Unreachable. */
+icmp4.code = 4; /* Frag Needed and DF was Set. */
+icmp4.frag_mtu = M;
+eth.dst = E;
+ip4.dst = ip4.src;
+ip4.src = I;
+ip.ttl = 255;
+REGBIT_EGRESS_LOOPBACK = 1;
+next(pipeline=ingress, table=0);
+};
+
+
+
+
+Where M is the (fragment MTU - 58) whose value is taken from
+ column of
+ row.
+
+
+
+E is the Ethernet address of the logical router port.
+
+
+
+I is the IPv4 address of the logical router port.
+
+
+
+
+ This table adds one priority-0 fallback flow that matches all packets
+ and advances to the next table.
+
+
+Ingress Table 11: Gateway Redirect
For distributed logical routers where one of the logical router
@@ -2059,7 +2138,7 @@ next;
-Ingress Table 10: ARP Request
+Ingress Table 12: ARP Request
In the common case where the Ethernet destination has been resolved, this
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 5614f9fa3..92e0e9c9d 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -142,8 +142,10 @@ enum ovn_stage {
PIPELINE_STAGE(ROUTER, IN, ND_RA_RESPONSE, 6, "lr_in_nd_ra_response") \
PIPELINE_STAGE(ROUTER, IN, IP_ROUTING, 7, "lr_in_ip_routing") \
PIPELINE_STAGE(ROUTER, IN, ARP_RESOLVE,8, "lr_in_arp_resolve") \
-PIPELINE_STAGE(ROUTER, IN, GW_REDIRECT,9, "lr_in_gw_redirect") \
-PIPELINE_STAGE(ROUTER, IN, ARP_REQUEST,10, "lr_in_arp_request") \
+PIPELINE_STAGE(ROUTER, IN, CHK_PKT_LEN , 9, "lr_in_chk_pkt_len") \
+PIPELINE_STAGE(ROUTER, IN, LARGER_PKTS,10,"lr_in_larger_pkts") \
+PIPELINE_STAGE(ROUTER, IN, GW_REDIRECT,11, "lr_in_gw_redirect") \
+PIPELINE_STAGE(ROUTER, IN, ARP_REQUEST,12, "lr_in_arp_request") \
\
/* Logical router egress stages. */ \
PIPELINE_STAGE(ROUTER, OUT, UNDNAT,0, "lr_out_undnat")\
@@ -179,6 +181,8 @@ enum ovn_stage {
* logical router dropping packets with source IP address equals
* one of the logical router's own IP addresses. */
#define REGBIT_EGRESS_LOOPBACK "reg9[1]"
+/* Register to store the resu