diff options
| -rw-r--r-- | ovn/northd/ovn-northd.8.xml | 5 | ||||
| -rw-r--r-- | ovn/northd/ovn-northd.c | 14 | ||||
| -rw-r--r-- | tests/ovn.at | 1 |
3 files changed, 18 insertions, 2 deletions
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml index 08e0325a0..fa5e5f9d7 100644 --- a/ovn/northd/ovn-northd.8.xml +++ b/ovn/northd/ovn-northd.8.xml @@ -1339,8 +1339,9 @@ nd_na { <li> <p> - Protocol unreachable. Priority-70 flows generate ICMP protocol - unreachable messages in reply to packets directed to the router's IP + Protocol or address unreachable. Priority-70 flows generate ICMP + protocol or address unreachable messages for IPv4 and IPv6 + respectively in reply to packets directed to the router's IP address on IP protocols other than UDP, TCP, and ICMP, except in the special case of gateways, which accept traffic directed to a router IP for load balancing purposes. diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index 912e0188d..1d1484687 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -5352,6 +5352,20 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, "next; };"; ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80, ds_cstr(&match), action); + + ds_clear(&match); + ds_put_format(&match, + "ip6 && ip6.dst == %s && !ip.later_frag", + op->lrp_networks.ipv6_addrs[i].addr_s); + action = "icmp6 {" + "eth.dst <-> eth.src; " + "ip6.dst <-> ip6.src; " + "ip.ttl = 255; " + "icmp6.type = 1; " + "icmp6.code = 3; " + "next; };"; + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 70, + ds_cstr(&match), action); } } diff --git a/tests/ovn.at b/tests/ovn.at index cf92399e6..0185317e2 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -10515,6 +10515,7 @@ test_ip6_packet 1 1 000000000001 00000000ff01 20010db8000100000000000000000011 2 OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [vif1.expected]) test_tcp_syn_packet 2 2 000000000002 00000000ff02 $(ip_to_hex 192 168 2 1) $(ip_to_hex 192 168 2 254) 0000 8b40 3039 0000 7bae 4486 +test_ip6_packet 2 2 000000000002 00000000ff02 20010db8000200000000000000000011 20010db8000200000000000000000001 84 0004 01020304 0103 627e OVN_CHECK_PACKETS([hv2/vif2-tx.pcap], [vif2.expected]) OVN_CLEANUP([hv1], [hv2]) |