@@ -158,12 +158,14 @@ lflow_init(void)
expr_symtab_add_field(&symtab, "arp.tha", MFF_ARP_THA, "arp", false);
expr_symtab_add_predicate(&symtab, "nd",
- "icmp6.type == {135, 136} && icmp6.code == 0");
+ "icmp6.type == {135, 136} && icmp6.code == 0 && ip.ttl == 255");
+ expr_symtab_add_predicate(&symtab, "nd_ns",
+ "icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255");
+ expr_symtab_add_predicate(&symtab, "nd_na",
+ "icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255");
expr_symtab_add_field(&symtab, "nd.target", MFF_ND_TARGET, "nd", false);
- expr_symtab_add_field(&symtab, "nd.sll", MFF_ND_SLL,
- "nd && icmp6.type == 135", false);
- expr_symtab_add_field(&symtab, "nd.tll", MFF_ND_TLL,
- "nd && icmp6.type == 136", false);
+ expr_symtab_add_field(&symtab, "nd.sll", MFF_ND_SLL, "nd_ns", false);
+ expr_symtab_add_field(&symtab, "nd.tll", MFF_ND_TLL, "nd_na", false);
expr_symtab_add_predicate(&symtab, "tcp", "ip.proto == 6");
expr_symtab_add_field(&symtab, "tcp.src", MFF_TCP_SRC, "tcp", false);
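Review bot: Folding `ip.ttl == 255` into the `nd`, `nd_ns` and `nd_na` predicates means an ICMPv6 type 135/136 packet with any other hop limit is merely not classified as ND, and nothing in this hunk drops it. RFC 4861 expects receivers to discard such messages, so whether they are dropped or handled as ordinary ICMPv6 depends on flows outside this hunk. A negated match such as `!nd` would presumably now match them as well. I would add a comment above the predicates, `/* RFC 4861: ND messages must carry Hop Limit 255; anything else is not "nd" and has to be dropped by a separate flow. */`, and confirm that such a drop flow exists. The same three predicate strings are repeated in the create_symtab() hunk further down, and lflow_init() begins and ends outside this hunk.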
@@ -837,7 +837,9 @@
<li><code>ip.later_frag</code> expands to <code>ip.frag[1]</code></li>
<li><code>ip.first_frag</code> expands to <code>ip.is_frag && !ip.later_frag</code></li>
<li><code>arp</code> expands to <code>eth.type == 0x806</code></li>
- <li><code>nd</code> expands to <code>icmp6.type == {135, 136} && icmp6.code == 0</code></li>
+ <li><code>nd</code> expands to <code>icmp6.type == {135, 136} && icmp6.code == 0 && ip.ttl == 255</code></li>
+ <li><code>nd_ns</code> expands to <code>icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255</code></li>
+ <li><code>nd_na</code> expands to <code>icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255</code></li>
<li><code>tcp</code> expands to <code>ip.proto == 6</code></li>
<li><code>udp</code> expands to <code>ip.proto == 17</code></li>
<li><code>sctp</code> expands to <code>ip.proto == 132</code></li>
@@ -212,12 +212,15 @@ create_symtab(struct shash *symtab)
expr_symtab_add_field(symtab, "arp.tpa", MFF_ARP_TPA, "arp", false);
expr_symtab_add_field(symtab, "arp.tha", MFF_ARP_THA, "arp", false);
- expr_symtab_add_predicate(symtab, "nd", "icmp6.type == {135, 136} && icmp6.code == 0");
+ expr_symtab_add_predicate(symtab, "nd",
+ "icmp6.type == {135, 136} && icmp6.code == 0 && ip.ttl == 255");
+ expr_symtab_add_predicate(symtab, "nd_ns",
+ "icmp6.type == 135 && icmp6.code == 0 && ip.ttl == 255");
+ expr_symtab_add_predicate(symtab, "nd_na",
+ "icmp6.type == 136 && icmp6.code == 0 && ip.ttl == 255");
expr_symtab_add_field(symtab, "nd.target", MFF_ND_TARGET, "nd", false);
- expr_symtab_add_field(symtab, "nd.sll", MFF_ND_SLL,
- "nd && icmp6.type == 135", false);
- expr_symtab_add_field(symtab, "nd.tll", MFF_ND_TLL,
- "nd && icmp6.type == 136", false);
+ expr_symtab_add_field(symtab, "nd.sll", MFF_ND_SLL, "nd_ns", false);
+ expr_symtab_add_field(symtab, "nd.tll", MFF_ND_TLL, "nd_na", false);
expr_symtab_add_predicate(symtab, "tcp", "ip.proto == 6");
expr_symtab_add_field(symtab, "tcp.src", MFF_TCP_SRC, "tcp", false);
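Review bot: No test input for the new hop-limit condition appears to accompany this change: the diffstat lists 13 changed lines in tests/test-ovn.c, and this symbol-table hunk alone has 8 additions and 5 deletions. I would add expression cases that parse `nd_ns`, `nd_na`, `nd.sll` and `nd.tll` and check that the expanded match carries `ip.ttl == 255`, so a later edit that drops the RFC 4861 check from one predicate is caught. This table is also a hand-maintained copy of the one in lflow_init(), so a comment such as `/* Keep in sync with lflow_init() in ovn/controller/lflow.c. */` would help prevent drift. create_symtab() begins and ends outside this hunk.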
According to RFC 4861, Neighbor Discovery messages should only match when the Hop Limit is 255 to prevent off-link senders from sending ND messages. This commit limits matching to that Hop Limit. It also introduces Neighbor Discovery Solicitation ("nd_ns") and Advertisement ("nd_na") definitions. The "nd.sll" and "nd.tll" fields only apply to "nd_ns" and "nd_na", respectively. This commit limits those symbols appropriately. (Note that Router and Redirect also use those fields, so we will need to include them as well when they are added.) Signed-off-by: Justin Pettit <jpettit@ovn.org> --- v1->v2: Switch to "nd_ns" and "nd_na". ovn/controller/lflow.c | 12 +++++++----- ovn/ovn-sb.xml | 4 +++- tests/test-ovn.c | 13 ++++++++----- 3 files changed, 18 insertions(+), 11 deletions(-)