From patchwork Tue Jul 12 06:56:52 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Justin Pettit <jpettit@ovn.org>
X-Patchwork-Id: 647318
Return-Path: <dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from archives.nicira.com (archives.nicira.com [96.126.127.54])
	by ozlabs.org (Postfix) with ESMTP id 3rpdKK46Nnz9s9N
	for <incoming@patchwork.ozlabs.org>;
	Tue, 12 Jul 2016 20:21:09 +1000 (AEST)
Received: from archives.nicira.com (localhost [127.0.0.1])
	by archives.nicira.com (Postfix) with ESMTP id 36D5D1089F;
	Tue, 12 Jul 2016 03:20:28 -0700 (PDT)
X-Original-To: dev@openvswitch.org
Delivered-To: dev@openvswitch.org
Received: from mx1e4.cudamail.com (mx1.cudamail.com [69.90.118.67])
	by archives.nicira.com (Postfix) with ESMTPS id 8277E1075F
	for <dev@openvswitch.org>; Tue, 12 Jul 2016 03:20:25 -0700 (PDT)
Received: from bar5.cudamail.com (unknown [192.168.21.12])
	by mx1e4.cudamail.com (Postfix) with ESMTPS id 14F7B1E0644
	for <dev@openvswitch.org>; Tue, 12 Jul 2016 04:20:25 -0600 (MDT)
X-ASG-Debug-ID: 1468318824-09eadd72140c2c0001-byXFYA
Received: from mx3-pf3.cudamail.com ([192.168.14.3]) by bar5.cudamail.com
	with
	ESMTP id sigSgxT3LF9JqBGr (version=TLSv1 cipher=DHE-RSA-AES256-SHA
	bits=256 verify=NO) for <dev@openvswitch.org>;
	Tue, 12 Jul 2016 04:20:24 -0600 (MDT)
X-Barracuda-Envelope-From: jpettit@ovn.org
X-Barracuda-RBL-Trusted-Forwarder: 192.168.14.3
Received: from unknown (HELO slow1-d.mail.gandi.net) (217.70.178.86)
	by mx3-pf3.cudamail.com with SMTP; 12 Jul 2016 10:20:24 -0000
Received-SPF: pass (mx3-pf3.cudamail.com: SPF record at ovn.org designates
	217.70.178.86 as permitted sender)
X-Barracuda-Apparent-Source-IP: 217.70.178.86
X-Barracuda-RBL-IP: 217.70.178.86
Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net
	[217.70.183.194])
	by slow1-d.mail.gandi.net (Postfix) with ESMTP id 13D214B6642
	for <dev@openvswitch.org>; Tue, 12 Jul 2016 12:17:16 +0200 (CEST)
X-Originating-IP: 98.234.50.139
Received: from localhost.localdomain (unknown [98.234.50.139])
	(Authenticated sender: jpettit@ovn.org)
	by relay2-d.mail.gandi.net (Postfix) with ESMTPSA id 81EB6C5A68
	for <dev@openvswitch.org>; Tue, 12 Jul 2016 12:17:15 +0200 (CEST)
X-CudaMail-Envelope-Sender: jpettit@ovn.org
From: Justin Pettit <jpettit@ovn.org>
To: dev@openvswitch.org
X-CudaMail-Whitelist-To: dev@openvswitch.org
X-CudaMail-MID: CM-V3-711003458
X-CudaMail-DTE: 071216
X-CudaMail-Originating-IP: 217.70.178.86
Date: Mon, 11 Jul 2016 23:56:52 -0700
X-ASG-Orig-Subj: [##CM-V3-711003458##][ovn-ipv6 22/26] ovn-controller:
	Tighten "nd" definition, add "nd_sol" and "nd_adv".
Message-Id: <1468306616-125783-23-git-send-email-jpettit@ovn.org>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1468306616-125783-1-git-send-email-jpettit@ovn.org>
References: <1468306616-125783-1-git-send-email-jpettit@ovn.org>
X-Barracuda-Connect: UNKNOWN[192.168.14.3]
X-Barracuda-Start-Time: 1468318824
X-Barracuda-Encrypted: DHE-RSA-AES256-SHA
X-Barracuda-URL: https://web.cudamail.com:443/cgi-mod/mark.cgi
X-ASG-Whitelist: Header =?UTF-8?B?eFwtY3VkYW1haWxcLXdoaXRlbGlzdFwtdG8=?=
X-Virus-Scanned: by bsmtpd at cudamail.com
X-Barracuda-BRTS-Status: 1
Subject: [ovs-dev] [ovn-ipv6 22/26] ovn-controller: Tighten "nd" definition,
	add "nd_sol" and "nd_adv".
X-BeenThere: dev@openvswitch.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: <dev.openvswitch.org>
List-Unsubscribe: <http://openvswitch.org/mailman/options/dev>,
	<mailto:dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://openvswitch.org/pipermail/dev>
List-Post: <mailto:dev@openvswitch.org>
List-Help: <mailto:dev-request@openvswitch.org?subject=help>
List-Subscribe: <http://openvswitch.org/mailman/listinfo/dev>,
	<mailto:dev-request@openvswitch.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: dev-bounces@openvswitch.org
Sender: "dev" <dev-bounces@openvswitch.org>

According to RFC 4861, Neighbor Discovery messages should only match
when the Hop Limit is 255 to prevent off-link senders from sending ND
messages.  This commit limits matching to that Hop Limit.

It also introduces Neighbor Discovery Solicitation ("nd_sol") and
Advertisement ("nd_adv") definitions.

The "nd.sll" and "nd.tll" only apply to "nd_sol" and "nd_adv",
respectively.  This commit limits those symbols appropriately.  (Note
that Router and Redirect also use those fields, but they will like not
use "nd" in their description.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
---
 ovn/controller/lflow.c | 10 +++++++---
 ovn/ovn-sb.xml         |  4 +++-
 tests/test-ovn.c       |  7 ++++++-
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/ovn/controller/lflow.c b/ovn/controller/lflow.c
index b77b364..10a7e18 100644
--- a/ovn/controller/lflow.c
+++ b/ovn/controller/lflow.c
@@ -146,12 +146,16 @@ lflow_init(void)
     expr_symtab_add_field(&symtab, "arp.tha", MFF_ARP_THA, "arp", false);
 
     expr_symtab_add_predicate(&symtab, "nd",
-                              "icmp6.type == {135, 136} && icmp6.code == 0");
+              "icmp6.type == {135, 136} && icmp6.code == 0 && ip.ttl == 255");
+    expr_symtab_add_predicate(&symtab, "nd_sol",
+              "icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255");
+    expr_symtab_add_predicate(&symtab, "nd_adv",
+              "icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255");
     expr_symtab_add_field(&symtab, "nd.target", MFF_ND_TARGET, "nd", false);
     expr_symtab_add_field(&symtab, "nd.sll", MFF_ND_SLL,
-              "nd && icmp6.type == 135", false);
+              "nd_sol && icmp6.type == 135", false);
     expr_symtab_add_field(&symtab, "nd.tll", MFF_ND_TLL,
-              "nd && icmp6.type == 136", false);
+              "nd_adv && icmp6.type == 136", false);
 
     expr_symtab_add_predicate(&symtab, "tcp", "ip.proto == 6");
     expr_symtab_add_field(&symtab, "tcp.src", MFF_TCP_SRC, "tcp", false);
diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
index 7b45bbb..2914349 100644
--- a/ovn/ovn-sb.xml
+++ b/ovn/ovn-sb.xml
@@ -803,7 +803,9 @@
         <li><code>ip.later_frag</code> expands to <code>ip.frag[1]</code></li>
         <li><code>ip.first_frag</code> expands to <code>ip.is_frag &amp;&amp; !ip.later_frag</code></li>
         <li><code>arp</code> expands to <code>eth.type == 0x806</code></li>
-        <li><code>nd</code> expands to <code>icmp6.type == {135, 136} &amp;&amp; icmp6.code == 0</code></li>
+        <li><code>nd</code> expands to <code>icmp6.type == {135, 136} &amp;&amp; icmp6.code == 0 &amp;&amp; ip.ttl == 255</code></li>
+        <li><code>nd_sol</code> expands to <code>icmp6.type == 135 &amp;&amp; icmp6.code == 0 &amp;&amp; ip.ttl == 255</code></li>
+        <li><code>nd_adv</code> expands to <code>icmp6.type == 136 &amp;&amp; icmp6.code == 0 &amp;&amp; ip.ttl == 255</code></li>
         <li><code>tcp</code> expands to <code>ip.proto == 6</code></li>
         <li><code>udp</code> expands to <code>ip.proto == 17</code></li>
         <li><code>sctp</code> expands to <code>ip.proto == 132</code></li>
diff --git a/tests/test-ovn.c b/tests/test-ovn.c
index fd004c9..26affa0 100644
--- a/tests/test-ovn.c
+++ b/tests/test-ovn.c
@@ -212,7 +212,12 @@ create_symtab(struct shash *symtab)
     expr_symtab_add_field(symtab, "arp.tpa", MFF_ARP_TPA, "arp", false);
     expr_symtab_add_field(symtab, "arp.tha", MFF_ARP_THA, "arp", false);
 
-    expr_symtab_add_predicate(symtab, "nd", "icmp6.type == {135, 136} && icmp6.code == 0");
+    expr_symtab_add_predicate(symtab, "nd",
+              "icmp6.type == {135, 136} && icmp6.code == 0 && ip.ttl == 255");
+    expr_symtab_add_predicate(symtab, "nd_sol",
+              "icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255");
+    expr_symtab_add_predicate(symtab, "nd_adv",
+              "icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255");
     expr_symtab_add_field(symtab, "nd.target", MFF_ND_TARGET, "nd", false);
     expr_symtab_add_field(symtab, "nd.sll", MFF_ND_SLL,
               "nd && icmp6.type == 135", false);