ovn: the implementation of icmp4 reject actions. Update the ovn manpage and ovn-nb.ovsschema for icmp4 reject actions.
Signed-off-by: nickcooper-zhangtonghao <nickcooper-zhangtong...@opencloud.tech> diff --git a/ovn/ovn-nb.ovsschema b/ovn/ovn-nb.ovsschema index 460d5bd..9842664 100644 --- a/ovn/ovn-nb.ovsschema +++ b/ovn/ovn-nb.ovsschema @@ -1,7 +1,7 @@ { "name": "OVN_Northbound", "version": "5.0.0", - "cksum": "849073644 7576", + "cksum": "2026671360 7919", "tables": { "Logical_Switch": { "columns": { @@ -87,6 +87,10 @@ "match": {"type": "string"}, "action": {"type": {"key": {"type": "string", "enum": ["set", ["allow", "allow-related", "drop", "reject"]]}}}, + "reject_action": {"type": {"key": {"type": "string", + "enum": ["set", ["icmp-net-unreachable", "icmp-host-unreachable", + "icmp-proto-unreachable", "icmp-port-unreachable", "icmp-net-prohibited", + "icmp-host-prohibited", "icmp-admin-prohibited", "tcp-reset", ""]]}}}, "log": {"type": "boolean"}, "external_ids": { "type": {"key": "string", "value": "string”, diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml index e571eeb..70d20da 100644 --- a/ovn/ovn-nb.xml +++ b/ovn/ovn-nb.xml 
@@ -681,13 +681,51 @@ </li> <li> - <code>reject</code>: Drop the packet, replying with a RST for TCP or - ICMP unreachable message for other IP-based protocols. - <code>Not implemented--currently treated as drop</code> + <code>reject</code>: Reject the packet, replying with a RST for TCP or + ICMP unreachable message for other IP-based protocols. Reject action support only <code>from-lport</code> direction. </li> </ul> </column> + <column name="reject_action"> + <p>The action to take when the reject ACL rule matches:</p> + <ul> + <li> + <code>icmp-net-unreachable</code>: ICMP network unreachable (default). + </li> + + <li> + <code>icmp-host-unreachable</code>: ICMP host unreachable. + </li> + + <li> + <code>icmp-proto-unreachable</code>: ICMP protocol unreachable. + </li> + + <li> + <code>icmp-port-unreachable</code>: ICMP port unreachable. + </li> + + <li> + <code>icmp-net-prohibited</code>: ICMP network prohibited. + </li> + + <li> + <code>icmp-host-prohibited</code>: ICMP host prohibited. + </li> + + <li> + <code>icmp-admin-prohibited</code>: ICMP administratively prohibited. + </li> + + <li> + <code>tcp-reset</code>: TCP RST packet. + <code>Not implemented--currently treated as icmp-net-unreachable</code> + </li> + + </ul> + </column> + <column name="log"> <p> If set to <code>true</code>, packets that match the ACL will trigger a diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml index 7b45bbb..73e9799 100644 --- a/ovn/ovn-sb.xml +++ b/ovn/ovn-sb.xml @@ -1251,10 +1251,6 @@ <li><code>icmp4.code = 1</code> (host unreachable)</li> </ul> - <p> - Details TBD. - </p> - <p><b>Prerequisite:</b> <code>ip4</code></p> </dd> thanks, nick
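Review bot: in the first ovn/ovn-nb.ovsschema hunk (@@ -1,7 +1,7 @@), "version" stays at "5.0.0" while the cksum changes and the patch adds a new ACL column further down. Adding a column is a schema change, so bump the minor version and recompute the cksum against the new version string; otherwise clients cannot tell a database with reject_action from one without it.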
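Review bot: in the second ovn/ovn-nb.ovsschema hunk (@@ -87,6 +87,10 @@), the reject_action enum ends with an empty string "" that the ovn-nb.xml text never mentions, and the column type gives no "min"/"max", so every ACL row, including allow and drop rows, has to carry exactly one value. Declaring the column optional with "min": 0, "max": 1 would let non-reject ACLs leave it empty and remove the need for "" in the enum. The enum also accepts "tcp-reset" although the documentation in this patch says it is not implemented; consider leaving it out of the schema until it is.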
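Review bot: in the ovn/ovn-nb.xml hunk (@@ -681,13 +681,51 @@), the rewritten reject description still promises "a RST for TCP", while the new reject_action list marks tcp-reset as "Not implemented--currently treated as icmp-net-unreachable"; the two statements should agree. The added sentence "Reject action support only from-lport direction" needs a grammar fix (for example "The reject action is supported only in the from-lport direction") and should say what happens to a reject ACL in the other direction. icmp-net-unreachable is labelled "(default)", so also state here that an unset or empty reject_action maps to it, if that is the intent.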
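Review bot: in the ovn/ovn-sb.xml hunk (@@ -1251,10 +1251,6 @@), the "Details TBD." placeholder is removed but nothing replaces it, so the section still goes from the icmp4.code list straight to the prerequisite. If the action's behaviour is now defined, document it here (which fields of the reply come from the original packet, and how the new reject_action values map to icmp4 type and code); otherwise keep the placeholder.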