According to RFC 4861, Neighbor Discovery messages should only match when the Hop Limit is 255, so that ND messages from off-link senders (whose Hop Limit has been decremented by a router) are not accepted. This commit limits matching to that Hop Limit.
It also introduces Neighbor Discovery Solicitation ("nd_sol") and Advertisement ("nd_adv") definitions. The "nd.sll" and "nd.tll" only apply to "nd_sol" and "nd_adv", respectively. This commit limits those symbols appropriately. (Note that Router and Redirect also use those fields, but they will like not use "nd" in their description. Signed-off-by: Justin Pettit <jpet...@ovn.org> --- ovn/controller/lflow.c | 10 +++++++--- ovn/ovn-sb.xml | 4 +++- tests/test-ovn.c | 7 ++++++- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/ovn/controller/lflow.c b/ovn/controller/lflow.c index b77b364..10a7e18 100644 --- a/ovn/controller/lflow.c +++ b/ovn/controller/lflow.c @@ -146,12 +146,16 @@ lflow_init(void) expr_symtab_add_field(&symtab, "arp.tha", MFF_ARP_THA, "arp", false); expr_symtab_add_predicate(&symtab, "nd", - "icmp6.type == {135, 136} && icmp6.code == 0"); + "icmp6.type == {135, 136} && icmp6.code == 0 && ip.ttl == 255"); + expr_symtab_add_predicate(&symtab, "nd_sol", + "icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255"); + expr_symtab_add_predicate(&symtab, "nd_adv", + "icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255"); expr_symtab_add_field(&symtab, "nd.target", MFF_ND_TARGET, "nd", false); expr_symtab_add_field(&symtab, "nd.sll", MFF_ND_SLL, - "nd && icmp6.type == 135", false); + "nd_sol && icmp6.type == 135", false); expr_symtab_add_field(&symtab, "nd.tll", MFF_ND_TLL, - "nd && icmp6.type == 136", false); + "nd_adv && icmp6.type == 136", false); expr_symtab_add_predicate(&symtab, "tcp", "ip.proto == 6"); expr_symtab_add_field(&symtab, "tcp.src", MFF_TCP_SRC, "tcp", false); diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml index 7b45bbb..2914349 100644 --- a/ovn/ovn-sb.xml +++ b/ovn/ovn-sb.xml 
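Review bot: In `lflow_init`, adding `ip.ttl == 255` to the `nd` predicate only stops a packet with another Hop Limit from matching `nd`; it does not discard it, whereas RFC 4861 expects receivers to silently discard such ND messages. That packet now falls through to whatever flows match ordinary ICMPv6/IPv6 traffic, and a logical flow written with `!nd` would presumably start matching it. Whether an explicit drop flow covers this case is not visible in the hunk and is worth confirming. Separately, the new prerequisites `"nd_sol && icmp6.type == 135"` and `"nd_adv && icmp6.type == 136"` repeat the type test that `nd_sol` and `nd_adv` already carry, so `"nd_sol"` and `"nd_adv"` alone would express the same thing. The body of `lflow_init` starts and ends outside this hunk.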
@@ -803,7 +803,9 @@ <li><code>ip.later_frag</code> expands to <code>ip.frag[1]</code></li> <li><code>ip.first_frag</code> expands to <code>ip.is_frag && !ip.later_frag</code></li> <li><code>arp</code> expands to <code>eth.type == 0x806</code></li> - <li><code>nd</code> expands to <code>icmp6.type == {135, 136} && icmp6.code == 0</code></li> + <li><code>nd</code> expands to <code>icmp6.type == {135, 136} && icmp6.code == 0 && ip.ttl == 255</code></li> + <li><code>nd_sol</code> expands to <code>icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255</code></li> + <li><code>nd_adv</code> expands to <code>icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255</code></li> <li><code>tcp</code> expands to <code>ip.proto == 6</code></li> <li><code>udp</code> expands to <code>ip.proto == 17</code></li> <li><code>sctp</code> expands to <code>ip.proto == 132</code></li> diff --git a/tests/test-ovn.c b/tests/test-ovn.c index fd004c9..26affa0 100644 --- a/tests/test-ovn.c +++ b/tests/test-ovn.c @@ -212,7 +212,12 @@ create_symtab(struct shash *symtab) expr_symtab_add_field(symtab, "arp.tpa", MFF_ARP_TPA, "arp", false); expr_symtab_add_field(symtab, "arp.tha", MFF_ARP_THA, "arp", false); - expr_symtab_add_predicate(symtab, "nd", "icmp6.type == {135, 136} && icmp6.code == 0"); + expr_symtab_add_predicate(symtab, "nd", + "icmp6.type == {135, 136} && icmp6.code == 0 && ip.ttl == 255"); + expr_symtab_add_predicate(symtab, "nd_sol", + "icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255"); + expr_symtab_add_predicate(symtab, "nd_adv", + "icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255"); expr_symtab_add_field(symtab, "nd.target", MFF_ND_TARGET, "nd", false); expr_symtab_add_field(symtab, "nd.sll", MFF_ND_SLL, "nd && icmp6.type == 135", false); -- 1.9.1 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
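Review bot: In `create_symtab` the last context lines still register `nd.sll` with the prerequisite `"nd && icmp6.type == 135"`, while lflow.c in this same commit switches it to `nd_sol`. The test copy should follow, e.g. `"nd_sol && icmp6.type == 135", false);`, and the `nd.tll` entry, which lies outside this hunk, likely needs the same with `nd_adv`. Otherwise the expression tests run against a symbol table that differs from the controller's. No test case for an ND message with a Hop Limit other than 255 is visible in this patch, so the new restriction appears to be unexercised.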