nicira-ext: Support matching IPv6 traffic.

Provides ability to match over IPv6 traffic in the same manner as IPv4. Currently, the matching fields include: - IPv6 source and destination addresses (ipv6_src and ipv6_dst) - Traffic Class (nw_tos) - Next Header (nw_proto) - ICMPv6 Type and Code (icmp_type and icmp_code) - TCP and UDP Ports over IPv6 (tp_src and tp_dst) When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to OVS must be used. Signed-off-by: Justin Pettit <jpettit@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
author: Justin Pettit <jpettit@nicira.com> 2010-12-29 19:03:46 -0800
committer: Justin Pettit <jpettit@nicira.com> 2011-02-02 12:53:26 -0800
commit: d31f1109f10e5ffb9bf266306b913ebf23781666 (patch)
tree: ddd80cc2348874fdea55a4e88e0990f821fb5e03 /tests
parent: bad68a9965215511b305c59d7f1830344ec2241f (diff)
2 files changed, 164 insertions, 0 deletions
diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at
index 7eecf287..a86588b9 100644
--- a/tests/ovs-ofctl.at
+++ b/tests/ovs-ofctl.at
@@ -62,6 +62,12 @@ tcp,tp_src=123,actions=flood
 in_port=LOCAL dl_vlan=9 dl_src=00:0A:E4:25:6B:B0 actions=drop
 arp,nw_src=192.168.0.1 actions=drop_spoofed_arp,NORMAL
 arp,dl_src=00:0A:E4:25:6B:B0,arp_sha=00:0A:E4:25:6B:B0 actions=drop
+ipv6,ipv6_src=2001:db8:3c4d:1:2:3:4:5 actions=3
+ipv6,ipv6_src=2001:db8:3c4d:1:2:3:4:5/64 actions=4
+ipv6,ipv6_dst=2001:db8:3c4d:1:2:3:4:5/127 actions=5
+tcp6,ipv6_src=2001:db8:3c4d:1::1,tp_dst=80 actions=drop 
+udp6,ipv6_src=2001:db8:3c4d:1::3,tp_dst=53 actions=drop 
+in_port=3 icmp6,ipv6_src=2001:db8:3c4d:1::1,icmp_type=134 actions=drop
 udp dl_vlan_pcp=7 idle_timeout=5 actions=strip_vlan output:0
 tcp,nw_src=192.168.0.3,tp_dst=80 actions=set_queue:37,output:1
 udp,nw_src=192.168.0.3,tp_dst=53 actions=pop_queue,output:1
@@ -77,6 +83,12 @@ NXT_FLOW_MOD: ADD tcp,tp_src=123 actions=FLOOD
 NXT_FLOW_MOD: ADD in_port=65534,dl_vlan=9,dl_src=00:0a:e4:25:6b:b0 actions=drop
 NXT_FLOW_MOD: ADD arp,nw_src=192.168.0.1 actions=drop_spoofed_arp,NORMAL
 NXT_FLOW_MOD: ADD arp,dl_src=00:0a:e4:25:6b:b0,arp_sha=00:0a:e4:25:6b:b0 actions=drop
+NXT_FLOW_MOD: ADD ipv6,ipv6_src=2001:db8:3c4d:1:2:3:4:5 actions=output:3
+NXT_FLOW_MOD: ADD ipv6,ipv6_src=2001:db8:3c4d:1::/64 actions=output:4
+NXT_FLOW_MOD: ADD ipv6,ipv6_dst=2001:db8:3c4d:1:2:3:4:4/127 actions=output:5
+NXT_FLOW_MOD: ADD tcp6,ipv6_src=2001:db8:3c4d:1::1,tp_dst=80 actions=drop
+NXT_FLOW_MOD: ADD udp6,ipv6_src=2001:db8:3c4d:1::3,tp_dst=53 actions=drop
+NXT_FLOW_MOD: ADD icmp6,in_port=3,ipv6_src=2001:db8:3c4d:1::1,icmp_type=134 actions=drop
 NXT_FLOW_MOD: ADD udp,dl_vlan_pcp=7 idle:5 actions=strip_vlan,output:0
 NXT_FLOW_MOD: ADD tcp,nw_src=192.168.0.3,tp_dst=80 actions=set_queue:37,output:1
 NXT_FLOW_MOD: ADD udp,nw_src=192.168.0.3,tp_dst=53 actions=pop_queue,output:1
@@ -95,6 +107,12 @@ tcp,tp_src=123,actions=flood
 in_port=LOCAL dl_vlan=9 dl_src=00:0A:E4:25:6B:B0 actions=drop
 arp,nw_src=192.168.0.1 actions=drop_spoofed_arp,NORMAL
 arp,dl_src=00:0A:E4:25:6B:B0,arp_sha=00:0A:E4:25:6B:B0 actions=drop
+ipv6,ipv6_src=2001:db8:3c4d:1:2:3:4:5 actions=3
+ipv6,ipv6_src=2001:db8:3c4d:1:2:3:4:5/64 actions=4
+ipv6,ipv6_dst=2001:db8:3c4d:1:2:3:4:5/127 actions=5
+tcp6,ipv6_src=2001:db8:3c4d:1::1,tp_dst=80 actions=drop 
+udp6,ipv6_src=2001:db8:3c4d:1::3,tp_dst=53 actions=drop 
+in_port=3 icmp6,ipv6_src=2001:db8:3c4d:1::1,icmp_type=134 actions=drop
 udp dl_vlan_pcp=7 idle_timeout=5 actions=strip_vlan output:0
 tcp,nw_src=192.168.0.3,tp_dst=80 actions=set_queue:37,output:1
 udp,nw_src=192.168.0.3,tp_dst=53 actions=pop_queue,output:1
@@ -110,6 +128,12 @@ AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0],
 NXT_FLOW_MOD: ADD NXM_OF_IN_PORT(fffe), NXM_OF_ETH_SRC(000ae4256bb0), NXM_OF_VLAN_TCI_W(1009/1fff) actions=drop
 NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(0806), NXM_OF_ARP_SPA(c0a80001) actions=drop_spoofed_arp,NORMAL
 NXT_FLOW_MOD: ADD NXM_OF_ETH_SRC(000ae4256bb0), NXM_OF_ETH_TYPE(0806), NXM_NX_ARP_SHA(000ae4256bb0) actions=drop
+NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC(20010db83c4d00010002000300040005) actions=output:3
+NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000) actions=output:4
+NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_DST_W(20010db83c4d00010002000300040004/fffffffffffffffffffffffffffffffe) actions=output:5
+NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC(20010db83c4d00010000000000000001), NXM_OF_IP_PROTO(06), NXM_OF_TCP_DST(0050) actions=drop
+NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC(20010db83c4d00010000000000000003), NXM_OF_IP_PROTO(11), NXM_OF_UDP_DST(0035) actions=drop
+NXT_FLOW_MOD: ADD NXM_OF_IN_PORT(0003), NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC(20010db83c4d00010000000000000001), NXM_OF_IP_PROTO(3a), NXM_NX_ICMPV6_TYPE(86) actions=drop
 NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(0800), NXM_OF_VLAN_TCI_W(f000/f000), NXM_OF_IP_PROTO(11) idle:5 actions=strip_vlan,output:0
 NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(0800), NXM_OF_IP_SRC(c0a80003), NXM_OF_IP_PROTO(06), NXM_OF_TCP_DST(0050) actions=set_queue:37,output:1
 NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(0800), NXM_OF_IP_SRC(c0a80003), NXM_OF_IP_PROTO(11), NXM_OF_UDP_DST(0035) actions=pop_queue,output:1
@@ -231,6 +255,18 @@ NXM_OF_ETH_TYPE(0806) NXM_NX_ARP_THA(0002e30f80a4)
 NXM_OF_ETH_TYPE(0800) NXM_NX_ARP_THA(0002e30f80a4)
 NXM_NX_ARP_THA(0002e30f80a4)
 
+# IPv6 source
+NXM_OF_ETH_TYPE(86dd) NXM_NX_IPV6_SRC(20010db83c4d00010002000300040005)
+NXM_OF_ETH_TYPE(0800) NXM_NX_IPV6_SRC(20010db83c4d00010002000300040005)
+NXM_OF_ETH_TYPE(86dd) NXM_NX_IPV6_SRC_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000)
+NXM_OF_ETH_TYPE(0800) NXM_NX_IPV6_SRC_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000)
+
+# IPv6 destination
+NXM_OF_ETH_TYPE(86dd) NXM_NX_IPV6_DST(20010db83c4d00010002000300040005)
+NXM_OF_ETH_TYPE(0800) NXM_NX_IPV6_DST(20010db83c4d00010002000300040005)
+NXM_OF_ETH_TYPE(86dd) NXM_NX_IPV6_DST_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000)
+NXM_OF_ETH_TYPE(0800) NXM_NX_IPV6_DST_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000)
+
 # Tunnel ID.
 NXM_NX_TUN_ID(00000000abcdef01)
 NXM_NX_TUN_ID_W(84200000abcdef01/84200000FFFFFFFF)
@@ -359,6 +395,18 @@ NXM_OF_ETH_TYPE(0806), NXM_NX_ARP_THA(0002e30f80a4)
 nx_pull_match() returned error 44010104
 nx_pull_match() returned error 44010104
 
+# IPv6 source
+NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC(20010db83c4d00010002000300040005)
+nx_pull_match() returned error 44010104
+NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000)
+nx_pull_match() returned error 44010104
+
+# IPv6 destination
+NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_DST(20010db83c4d00010002000300040005)
+nx_pull_match() returned error 44010104
+NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_DST_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000)
+nx_pull_match() returned error 44010104
+
 # Tunnel ID.
 NXM_NX_TUN_ID(00000000abcdef01)
 NXM_NX_TUN_ID_W(84200000abcdef01/84200000ffffffff)
diff --git a/tests/test-packets.c b/tests/test-packets.c
index 464a8eb7..dda4797f 100644
--- a/tests/test-packets.c
+++ b/tests/test-packets.c
@@ -39,10 +39,126 @@ test_ipv4_cidr(void)
     assert(!ip_is_cidr(htonl(0xffffffd0)));
 }
 
+static void
+test_ipv6_static_masks(void)
+{
+    /* The 'exact' and 'any' addresses should be identical to
+     * 'in6addr_exact' and  'in6addr_any' definitions, but we redefine
+     * them here since the pre-defined ones are used in the functions
+     * we're testing. */
+    struct in6_addr exact   = {{{ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, \
+                                  0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff }}};
+
+    struct in6_addr any     = {{{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, \
+                                  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }}};
+
+    struct in6_addr neither = {{{ 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, \
+                                  0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef }}};
+
+    assert(ipv6_mask_is_exact(&exact));
+    assert(!ipv6_mask_is_exact(&any));
+    assert(!ipv6_mask_is_exact(&neither));
+
+    assert(!ipv6_mask_is_any(&exact));
+    assert(ipv6_mask_is_any(&any));
+    assert(!ipv6_mask_is_any(&neither));
+
+}
+
+static void
+test_ipv6_cidr(void)
+{
+    struct in6_addr dest;
+
+    struct in6_addr src   = {{{ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, \
+                                0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }}};
+
+    dest = ipv6_create_mask(0);
+    assert(ipv6_mask_is_any(&dest));
+    assert(ipv6_count_cidr_bits(&dest) == 0);
+    assert(ipv6_is_cidr(&dest));
+
+    dest = ipv6_create_mask(128);
+    assert(ipv6_mask_is_exact(&dest));
+    assert(ipv6_count_cidr_bits(&dest) == 128);
+    assert(ipv6_is_cidr(&dest));
+
+    dest = ipv6_create_mask(1);
+    assert(ipv6_count_cidr_bits(&dest) == 1);
+    assert(ipv6_is_cidr(&dest));
+
+    dest = ipv6_create_mask(13);
+    assert(ipv6_count_cidr_bits(&dest) == 13);
+    assert(ipv6_is_cidr(&dest));
+
+    dest = ipv6_create_mask(64);
+    assert(ipv6_count_cidr_bits(&dest) == 64);
+    assert(ipv6_is_cidr(&dest));
+
+    dest = ipv6_create_mask(95);
+    assert(ipv6_count_cidr_bits(&dest) == 95);
+    assert(ipv6_is_cidr(&dest));
+
+    dest = ipv6_create_mask(96);
+    assert(ipv6_count_cidr_bits(&dest) == 96);
+    assert(ipv6_is_cidr(&dest));
+
+    dest = ipv6_create_mask(97);
+    assert(ipv6_count_cidr_bits(&dest) == 97);
+    assert(ipv6_is_cidr(&dest));
+
+    dest = ipv6_create_mask(127);
+    assert(ipv6_count_cidr_bits(&dest) == 127);
+    assert(ipv6_is_cidr(&dest));
+
+    src.s6_addr[8] = 0xf0;
+    assert(ipv6_is_cidr(&src));
+    assert(ipv6_count_cidr_bits(&src) == 68);
+
+    src.s6_addr[15] = 0x01;
+    assert(!ipv6_is_cidr(&src));
+    src.s6_addr[15] = 0x00;
+    assert(ipv6_is_cidr(&src));
+
+    src.s6_addr[8] = 0x0f;
+    assert(!ipv6_is_cidr(&src));
+}
+
+
+static void
+test_ipv6_masking(void)
+{
+    struct in6_addr dest;
+    struct in6_addr mask;
+
+    mask = ipv6_create_mask(0);
+    dest = ipv6_addr_bitand(&in6addr_exact, &mask);
+    assert(ipv6_count_cidr_bits(&dest) == 0);
+
+    mask = ipv6_create_mask(1);
+    dest = ipv6_addr_bitand(&in6addr_exact, &mask);
+    assert(ipv6_count_cidr_bits(&dest) == 1);
+
+    mask = ipv6_create_mask(13);
+    dest = ipv6_addr_bitand(&in6addr_exact, &mask);
+    assert(ipv6_count_cidr_bits(&dest) == 13);
+
+    mask = ipv6_create_mask(127);
+    dest = ipv6_addr_bitand(&in6addr_exact, &mask);
+    assert(ipv6_count_cidr_bits(&dest) == 127);
+
+    mask = ipv6_create_mask(128);
+    dest = ipv6_addr_bitand(&in6addr_exact, &mask);
+    assert(ipv6_count_cidr_bits(&dest) == 128);
+}
+
 int
 main(void)
 {
     test_ipv4_cidr();
+    test_ipv6_static_masks();
+    test_ipv6_cidr();
+    test_ipv6_masking();
 
     return 0;
 }
author	Justin Pettit <jpettit@nicira.com>	2010-12-29 19:03:46 -0800
committer	Justin Pettit <jpettit@nicira.com>	2011-02-02 12:53:26 -0800
commit	d31f1109f10e5ffb9bf266306b913ebf23781666 (patch)
tree	ddd80cc2348874fdea55a4e88e0990f821fb5e03 /tests
parent	bad68a9965215511b305c59d7f1830344ec2241f (diff)