author | Lorenzo Bianconi <lorenzo.bianconi@redhat.com> | 2018-06-14 17:27:18 +0200 |
---|---|---|
committer | Ben Pfaff <blp@ovn.org> | 2018-06-14 12:59:16 -0700 |
commit | 0e2751ed7f0039471ae6457de8fc1d6bda8b037a (patch) | |
tree | 0458737cba3155c08408f982061c9a1419c84c6f /ovn | |
parent | 582c78f23ae836503b16b3addacdec052b5c0625 (diff) | |
OVN: add ICMP time exceeded support to OVN logical router
Using the icmp4 action, send an ICMP time exceeded frame whenever
an OVN logical router receives an IPv4 packet whose TTL has
expired (ip.ttl == {0, 1}).
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'ovn')
-rw-r--r-- | ovn/northd/ovn-northd.8.xml | 4 | ||||
-rw-r--r-- | ovn/northd/ovn-northd.c | 26 |
2 files changed, 23 insertions, 7 deletions
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml index 1d68f1aab..759d3dace 100644 --- a/ovn/northd/ovn-northd.8.xml +++ b/ovn/northd/ovn-northd.8.xml @@ -1401,10 +1401,6 @@ icmp4 { next; }; </pre> - - <p> - Not yet implemented. - </p> </li> <li> diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index aa6a18f16..74eefc6ca 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -4858,9 +4858,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 50, "eth.bcast", "drop;"); - /* TTL discard. - * - * XXX Need to send ICMP time exceeded if !ip.later_frag. */ + /* TTL discard */ ds_clear(&match); ds_put_cstr(&match, "ip4 && ip.ttl == {0, 1}"); ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_INPUT, 30, @@ -4926,6 +4924,28 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ds_cstr(&match), ds_cstr(&actions)); } + /* ICMP time exceeded */ + for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) { + ds_clear(&match); + ds_clear(&actions); + + ds_put_format(&match, + "inport == %s && ip4 && " + "ip.ttl == {0, 1} && !ip.later_frag", op->json_key); + ds_put_format(&actions, + "icmp4 {" + "eth.dst <-> eth.src; " + "icmp4.type = 11; /* Time exceeded */ " + "icmp4.code = 0; /* TTL exceeded in transit */ " + "ip4.dst = ip4.src; " + "ip4.src = %s; " + "ip.ttl = 255; " + "next; };", + op->lrp_networks.ipv4_addrs[i].addr_s); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 40, + ds_cstr(&match), ds_cstr(&actions)); + } + /* ARP reply. These flows reply to ARP requests for the router's own * IP address. */ for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) { |
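Review bot: In the new "ICMP time exceeded" loop in ovn-northd.c, the match is built only from `op->json_key`, so a port with several IPv4 addresses gets one priority-40 flow per address with the same match and a different `ip4.src`, and which reply source applies is ambiguous. Emitting a single flow per port with one chosen source address would make the reply deterministic. The match also does not exclude packets that are themselves ICMP errors or that come from a non-unicast source, which RFC 1122 and RFC 1812 say must not trigger an ICMP error. Nothing visible in the hunk limits how often the reply is generated, so every expired-TTL packet appears to produce one. Until that is tightened, the comment should record the gap, e.g. `/* ICMP time exceeded. XXX: no rate limit; also answers ICMP errors. */`; build_lrouter_flows starts and ends outside the hunk.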