This patch updates method is_nd to let type ND_ROUTER_SOLICIT,
ND_ROUTER_ADVERT, ND_REDIRECT can be recoginzed.
And introduces method is_nd_neighbor for inherit current is_nd behavior.
v1 -> v2
rebased, introduces method is_nd_neighbor.
---
lib/flow.h | 11 +++++++++--
lib/nx-match.c | 2 +-
lib/odp-util.c | 4 ++--
ovn/controller/pinctrl.c | 10 ++++++----
4 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/lib/flow.h b/lib/flow.h
index 5b83695..64200a5 100644
--- a/lib/flow.h
+++ b/lib/flow.h
@@ -936,12 +936,19 @@ static inline bool is_nd(const struct flow *flow,
if (wc) {
memset(&wc->masks.tp_src, 0xff, sizeof wc->masks.tp_src);
}
- return (flow->tp_src == htons(ND_NEIGHBOR_SOLICIT) ||
- flow->tp_src == htons(ND_NEIGHBOR_ADVERT));
+ return (flow->tp_src >= htons(ND_ROUTER_SOLICIT)
+ && flow->tp_src <= htons(ND_REDIRECT));
}
return false;
}
+static inline bool is_nd_neighbor(const struct flow *flow,
+ struct flow_wildcards *wc)
+{
+ return is_nd(flow, wc) && (flow->tp_src == htons(ND_NEIGHBOR_SOLICIT)
+ || flow->tp_src == htons(ND_NEIGHBOR_ADVERT));
+}
+
static inline bool is_igmp(const struct flow *flow, struct flow_wildcards *wc)
{
if (flow->dl_type == htons(ETH_TYPE_IP)) {
diff --git a/lib/nx-match.c b/lib/nx-match.c
index b03ccf2..806da3e 100644
--- a/lib/nx-match.c
+++ b/lib/nx-match.c
@@ -879,7 +879,7 @@ nxm_put_ip(struct ofpbuf *b, const struct match *match,
enum ofp_version oxm)
nxm_put_8(b, MFF_ICMPV6_CODE, oxm,
ntohs(flow->tp_dst));
}
- if (is_nd(flow, NULL)) {
+ if (is_nd_neighbor(flow, NULL)) {
nxm_put_ipv6(b, MFF_ND_TARGET, oxm,
&flow->nd_target, &match->wc.masks.nd_target);
if (flow->tp_src == htons(ND_NEIGHBOR_SOLICIT)) {
diff --git a/lib/odp-util.c b/lib/odp-util.c
index 6d29b67..0d7bede 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -4428,7 +4428,7 @@ odp_flow_key_from_flow__(const struct odp_flow_key_parms
*parms,
icmpv6_key->icmpv6_type = ntohs(data->tp_src);
icmpv6_key->icmpv6_code = ntohs(data->tp_dst);
- if (is_nd(flow, NULL)
+ if (is_nd_neighbor(flow, NULL)
/* Even though 'tp_src' and 'tp_dst' are 16 bits wide, ICMP
* type and code are 8 bits wide. Therefore, an exact match
* looks like htons(0xff), not htons(0xffff). See
@@ -4963,7 +4963,7 @@ parse_l2_5_onward(const struct nlattr
*attrs[OVS_KEY_ATTR_MAX + 1],
flow->tp_src = htons(icmpv6_key->icmpv6_type);
flow->tp_dst = htons(icmpv6_key->icmpv6_code);
expected_bit = OVS_KEY_ATTR_ICMPV6;
- if (is_nd(src_flow, NULL)) {
+ if (is_nd_neighbor(src_flow, NULL)) {
if (!is_mask) {
expected_attrs |= UINT64_C(1) << OVS_KEY_ATTR_ND;
}
diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
index d65e213..4ef2366 100644
--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -1353,11 +1353,13 @@ static void
pinctrl_handle_nd_na(const struct flow *ip_flow, const struct match *md,
struct ofpbuf *userdata)
{
- /* This action only works for IPv6 ND packets, and the switch should only
- * send us ND packets this way, but check here just to be sure. */
- if (!is_nd(ip_flow, NULL)) {
+ /* This action only works for IPv6 ND Neighbor Solicitation packets,
+ * and the switch should only send us such packets this way, but check
+ * here just to be sure. */
+ if (!is_nd_neighbor(ip_flow, NULL)
+ || ip_flow->tp_src != htons(ND_NEIGHBOR_SOLICIT)) {
static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
- VLOG_WARN_RL(&rl, "NA action on non-ND packet");
+ VLOG_WARN_RL(&rl, "NA action on non-ND-NS packet");
return;
}
--
2.7.4
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
