Message ID | 1446594530-22162-8-git-send-email-jpettit@nicira.com |
---|---|
State | Accepted |
Headers | show |
On 11/03/2015 06:48 PM, Justin Pettit wrote: > Signed-off-by: Justin Pettit <jpettit@nicira.com> > --- > ovn/northd/ovn-northd.8.xml | 5 +---- > ovn/northd/ovn-northd.c | 23 ++++++++++++++++++++--- > 2 files changed, 21 insertions(+), 7 deletions(-) > > diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml > index 6f0a420..e7dec72 100644 > --- a/ovn/northd/ovn-northd.8.xml > +++ b/ovn/northd/ovn-northd.8.xml > @@ -340,6 +340,7 @@ ip4.dst = ip4.src; > ip4.src = <var>S</var>; > ip.ttl = 255; > icmp4.type = 0; > +inport = \"\"; /* Allow sending out inport. */ > next; > </pre> > > @@ -348,10 +349,6 @@ next; > each individual <code>inport</code>, and use the same actions in > which <var>S</var> is a function of <code>inport</code>. > </p> > - > - <p> > - Not yet implemented. > - </p> > </li> > > <li> > diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c > index 9996584..8fe0c2c 100644 > --- a/ovn/northd/ovn-northd.c > +++ b/ovn/northd/ovn-northd.c > @@ -1295,8 +1295,6 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, > /* This flow table structure is documented in ovn-northd(8), so please > * update ovn-northd.8.xml if you change anything. */ > > - /* XXX ICMP echo reply */ > - > /* Logical router ingress table 0: Admission control framework. */ > struct ovn_datapath *od; > HMAP_FOR_EACH (od, key_node, datapaths) { > @@ -1384,12 +1382,31 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, > match, "drop;"); > free(match); > > + /* ICMP echo reply. These flows reply to ICMP echo requests > + * received for the router's IP address. */ > + match = xasprintf( > + "inport == %s && (ip4.dst == "IP_FMT" || ip4.dst == "IP_FMT") && " You've got a duplicate condition here, checking ip4.dst == IP_FMT twice. > + "icmp4.type == 8 && icmp4.code == 0", > + op->json_key, IP_ARGS(op->ip), IP_ARGS(op->bcast)); > + char *actions = xasprintf( > + "ip4.dst = ip4.src; " > + "ip4.src = "IP_FMT"; " > + "ip.ttl = 255; " > + "icmp4.type = 0; " > + "inport = \"\"; /* Allow sending out inport. */ " > + "next; ", > + IP_ARGS(op->ip)); > + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90, > + match, actions); > + free(match); > + free(actions); > + > /* ARP reply. These flows reply to ARP requests for the router's own > * IP address. */ > match = xasprintf( > "inport == %s && arp.tpa == "IP_FMT" && arp.op == 1", > op->json_key, IP_ARGS(op->ip)); > - char *actions = xasprintf( > + actions = xasprintf( > "eth.dst = eth.src; " > "eth.src = "ETH_ADDR_FMT"; " > "arp.op = 2; /* ARP reply */ " >
On 11/03/2015 06:48 PM, Justin Pettit wrote: > Signed-off-by: Justin Pettit <jpettit@nicira.com> I haven't tested this yet, but it all looks right to me with fresh eyes. Acked-by: Russell Bryant <rbryant@redhat.com>
> On Nov 6, 2015, at 7:01 AM, Russell Bryant <rbryant@redhat.com> wrote: > > On 11/03/2015 06:48 PM, Justin Pettit wrote: >> Signed-off-by: Justin Pettit <jpettit@nicira.com> > > I haven't tested this yet, but it all looks right to me with fresh eyes. > > Acked-by: Russell Bryant <rbryant@redhat.com> Thanks for the reviews Russell and Flavio. I've pushed the series. --Justin
On Mon, Nov 09, 2015 at 03:22:28PM -0800, Justin Pettit wrote: > > On Nov 6, 2015, at 7:01 AM, Russell Bryant <rbryant@redhat.com> wrote: > > On 11/03/2015 06:48 PM, Justin Pettit wrote: > >> Signed-off-by: Justin Pettit <jpettit@nicira.com> > > > > I haven't tested this yet, but it all looks right to me with fresh eyes. > > > > Acked-by: Russell Bryant <rbryant@redhat.com> > > Thanks for the reviews Russell and Flavio. I've pushed the series. Justin, are you planning to add something to the testsuite to test this behavior?
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml index 6f0a420..e7dec72 100644 --- a/ovn/northd/ovn-northd.8.xml +++ b/ovn/northd/ovn-northd.8.xml @@ -340,6 +340,7 @@ ip4.dst = ip4.src; ip4.src = <var>S</var>; ip.ttl = 255; icmp4.type = 0; +inport = \"\"; /* Allow sending out inport. */ next; </pre> @@ -348,10 +349,6 @@ next; each individual <code>inport</code>, and use the same actions in which <var>S</var> is a function of <code>inport</code>. </p> - - <p> - Not yet implemented. - </p> </li> <li> diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index 9996584..8fe0c2c 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -1295,8 +1295,6 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, /* This flow table structure is documented in ovn-northd(8), so please * update ovn-northd.8.xml if you change anything. */ - /* XXX ICMP echo reply */ - /* Logical router ingress table 0: Admission control framework. */ struct ovn_datapath *od; HMAP_FOR_EACH (od, key_node, datapaths) { @@ -1384,12 +1382,31 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, match, "drop;"); free(match); + /* ICMP echo reply. These flows reply to ICMP echo requests + * received for the router's IP address. */ + match = xasprintf( + "inport == %s && (ip4.dst == "IP_FMT" || ip4.dst == "IP_FMT") && " + "icmp4.type == 8 && icmp4.code == 0", + op->json_key, IP_ARGS(op->ip), IP_ARGS(op->bcast)); + char *actions = xasprintf( + "ip4.dst = ip4.src; " + "ip4.src = "IP_FMT"; " + "ip.ttl = 255; " + "icmp4.type = 0; " + "inport = \"\"; /* Allow sending out inport. */ " + "next; ", + IP_ARGS(op->ip)); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90, + match, actions); + free(match); + free(actions); + /* ARP reply. These flows reply to ARP requests for the router's own * IP address. */ match = xasprintf( "inport == %s && arp.tpa == "IP_FMT" && arp.op == 1", op->json_key, IP_ARGS(op->ip)); - char *actions = xasprintf( + actions = xasprintf( "eth.dst = eth.src; " "eth.src = "ETH_ADDR_FMT"; " "arp.op = 2; /* ARP reply */ "
Signed-off-by: Justin Pettit <jpettit@nicira.com> --- ovn/northd/ovn-northd.8.xml | 5 +---- ovn/northd/ovn-northd.c | 23 ++++++++++++++++++++--- 2 files changed, 21 insertions(+), 7 deletions(-)