diff options
author | Justin Pettit <jpettit@nicira.com> | 2010-12-29 19:03:46 -0800 |
---|---|---|
committer | Justin Pettit <jpettit@nicira.com> | 2011-02-02 12:53:26 -0800 |
commit | d31f1109f10e5ffb9bf266306b913ebf23781666 (patch) | |
tree | ddd80cc2348874fdea55a4e88e0990f821fb5e03 /tests | |
parent | bad68a9965215511b305c59d7f1830344ec2241f (diff) |
nicira-ext: Support matching IPv6 traffic.
Provides ability to match over IPv6 traffic in the same manner as IPv4.
Currently, the matching fields include:
- IPv6 source and destination addresses (ipv6_src and ipv6_dst)
- Traffic Class (nw_tos)
- Next Header (nw_proto)
- ICMPv6 Type and Code (icmp_type and icmp_code)
- TCP and UDP Ports over IPv6 (tp_src and tp_dst)
When defining IPv6 rules, the Nicira Extensible Match (NXM) extension to
OVS must be used.
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/ovs-ofctl.at | 48 | ||||
-rw-r--r-- | tests/test-packets.c | 116 |
2 files changed, 164 insertions, 0 deletions
diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at index 7eecf287..a86588b9 100644 --- a/tests/ovs-ofctl.at +++ b/tests/ovs-ofctl.at @@ -62,6 +62,12 @@ tcp,tp_src=123,actions=flood in_port=LOCAL dl_vlan=9 dl_src=00:0A:E4:25:6B:B0 actions=drop arp,nw_src=192.168.0.1 actions=drop_spoofed_arp,NORMAL arp,dl_src=00:0A:E4:25:6B:B0,arp_sha=00:0A:E4:25:6B:B0 actions=drop +ipv6,ipv6_src=2001:db8:3c4d:1:2:3:4:5 actions=3 +ipv6,ipv6_src=2001:db8:3c4d:1:2:3:4:5/64 actions=4 +ipv6,ipv6_dst=2001:db8:3c4d:1:2:3:4:5/127 actions=5 +tcp6,ipv6_src=2001:db8:3c4d:1::1,tp_dst=80 actions=drop +udp6,ipv6_src=2001:db8:3c4d:1::3,tp_dst=53 actions=drop +in_port=3 icmp6,ipv6_src=2001:db8:3c4d:1::1,icmp_type=134 actions=drop udp dl_vlan_pcp=7 idle_timeout=5 actions=strip_vlan output:0 tcp,nw_src=192.168.0.3,tp_dst=80 actions=set_queue:37,output:1 udp,nw_src=192.168.0.3,tp_dst=53 actions=pop_queue,output:1 @@ -77,6 +83,12 @@ NXT_FLOW_MOD: ADD tcp,tp_src=123 actions=FLOOD NXT_FLOW_MOD: ADD in_port=65534,dl_vlan=9,dl_src=00:0a:e4:25:6b:b0 actions=drop NXT_FLOW_MOD: ADD arp,nw_src=192.168.0.1 actions=drop_spoofed_arp,NORMAL NXT_FLOW_MOD: ADD arp,dl_src=00:0a:e4:25:6b:b0,arp_sha=00:0a:e4:25:6b:b0 actions=drop +NXT_FLOW_MOD: ADD ipv6,ipv6_src=2001:db8:3c4d:1:2:3:4:5 actions=output:3 +NXT_FLOW_MOD: ADD ipv6,ipv6_src=2001:db8:3c4d:1::/64 actions=output:4 +NXT_FLOW_MOD: ADD ipv6,ipv6_dst=2001:db8:3c4d:1:2:3:4:4/127 actions=output:5 +NXT_FLOW_MOD: ADD tcp6,ipv6_src=2001:db8:3c4d:1::1,tp_dst=80 actions=drop +NXT_FLOW_MOD: ADD udp6,ipv6_src=2001:db8:3c4d:1::3,tp_dst=53 actions=drop +NXT_FLOW_MOD: ADD icmp6,in_port=3,ipv6_src=2001:db8:3c4d:1::1,icmp_type=134 actions=drop NXT_FLOW_MOD: ADD udp,dl_vlan_pcp=7 idle:5 actions=strip_vlan,output:0 NXT_FLOW_MOD: ADD tcp,nw_src=192.168.0.3,tp_dst=80 actions=set_queue:37,output:1 NXT_FLOW_MOD: ADD udp,nw_src=192.168.0.3,tp_dst=53 actions=pop_queue,output:1 @@ -95,6 +107,12 @@ tcp,tp_src=123,actions=flood in_port=LOCAL dl_vlan=9 dl_src=00:0A:E4:25:6B:B0 actions=drop arp,nw_src=192.168.0.1 actions=drop_spoofed_arp,NORMAL arp,dl_src=00:0A:E4:25:6B:B0,arp_sha=00:0A:E4:25:6B:B0 actions=drop +ipv6,ipv6_src=2001:db8:3c4d:1:2:3:4:5 actions=3 +ipv6,ipv6_src=2001:db8:3c4d:1:2:3:4:5/64 actions=4 +ipv6,ipv6_dst=2001:db8:3c4d:1:2:3:4:5/127 actions=5 +tcp6,ipv6_src=2001:db8:3c4d:1::1,tp_dst=80 actions=drop +udp6,ipv6_src=2001:db8:3c4d:1::3,tp_dst=53 actions=drop +in_port=3 icmp6,ipv6_src=2001:db8:3c4d:1::1,icmp_type=134 actions=drop udp dl_vlan_pcp=7 idle_timeout=5 actions=strip_vlan output:0 tcp,nw_src=192.168.0.3,tp_dst=80 actions=set_queue:37,output:1 udp,nw_src=192.168.0.3,tp_dst=53 actions=pop_queue,output:1 @@ -110,6 +128,12 @@ AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0], NXT_FLOW_MOD: ADD NXM_OF_IN_PORT(fffe), NXM_OF_ETH_SRC(000ae4256bb0), NXM_OF_VLAN_TCI_W(1009/1fff) actions=drop NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(0806), NXM_OF_ARP_SPA(c0a80001) actions=drop_spoofed_arp,NORMAL NXT_FLOW_MOD: ADD NXM_OF_ETH_SRC(000ae4256bb0), NXM_OF_ETH_TYPE(0806), NXM_NX_ARP_SHA(000ae4256bb0) actions=drop +NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC(20010db83c4d00010002000300040005) actions=output:3 +NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000) actions=output:4 +NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_DST_W(20010db83c4d00010002000300040004/fffffffffffffffffffffffffffffffe) actions=output:5 +NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC(20010db83c4d00010000000000000001), NXM_OF_IP_PROTO(06), NXM_OF_TCP_DST(0050) actions=drop +NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC(20010db83c4d00010000000000000003), NXM_OF_IP_PROTO(11), NXM_OF_UDP_DST(0035) actions=drop +NXT_FLOW_MOD: ADD NXM_OF_IN_PORT(0003), NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC(20010db83c4d00010000000000000001), NXM_OF_IP_PROTO(3a), NXM_NX_ICMPV6_TYPE(86) actions=drop NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(0800), NXM_OF_VLAN_TCI_W(f000/f000), NXM_OF_IP_PROTO(11) idle:5 actions=strip_vlan,output:0 NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(0800), NXM_OF_IP_SRC(c0a80003), NXM_OF_IP_PROTO(06), NXM_OF_TCP_DST(0050) actions=set_queue:37,output:1 NXT_FLOW_MOD: ADD NXM_OF_ETH_TYPE(0800), NXM_OF_IP_SRC(c0a80003), NXM_OF_IP_PROTO(11), NXM_OF_UDP_DST(0035) actions=pop_queue,output:1 @@ -231,6 +255,18 @@ NXM_OF_ETH_TYPE(0806) NXM_NX_ARP_THA(0002e30f80a4) NXM_OF_ETH_TYPE(0800) NXM_NX_ARP_THA(0002e30f80a4) NXM_NX_ARP_THA(0002e30f80a4) +# IPv6 source +NXM_OF_ETH_TYPE(86dd) NXM_NX_IPV6_SRC(20010db83c4d00010002000300040005) +NXM_OF_ETH_TYPE(0800) NXM_NX_IPV6_SRC(20010db83c4d00010002000300040005) +NXM_OF_ETH_TYPE(86dd) NXM_NX_IPV6_SRC_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000) +NXM_OF_ETH_TYPE(0800) NXM_NX_IPV6_SRC_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000) + +# IPv6 destination +NXM_OF_ETH_TYPE(86dd) NXM_NX_IPV6_DST(20010db83c4d00010002000300040005) +NXM_OF_ETH_TYPE(0800) NXM_NX_IPV6_DST(20010db83c4d00010002000300040005) +NXM_OF_ETH_TYPE(86dd) NXM_NX_IPV6_DST_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000) +NXM_OF_ETH_TYPE(0800) NXM_NX_IPV6_DST_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000) + # Tunnel ID. NXM_NX_TUN_ID(00000000abcdef01) NXM_NX_TUN_ID_W(84200000abcdef01/84200000FFFFFFFF) @@ -359,6 +395,18 @@ NXM_OF_ETH_TYPE(0806), NXM_NX_ARP_THA(0002e30f80a4) nx_pull_match() returned error 44010104 nx_pull_match() returned error 44010104 +# IPv6 source +NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC(20010db83c4d00010002000300040005) +nx_pull_match() returned error 44010104 +NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_SRC_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000) +nx_pull_match() returned error 44010104 + +# IPv6 destination +NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_DST(20010db83c4d00010002000300040005) +nx_pull_match() returned error 44010104 +NXM_OF_ETH_TYPE(86dd), NXM_NX_IPV6_DST_W(20010db83c4d00010000000000000000/ffffffffffffffff0000000000000000) +nx_pull_match() returned error 44010104 + # Tunnel ID. NXM_NX_TUN_ID(00000000abcdef01) NXM_NX_TUN_ID_W(84200000abcdef01/84200000ffffffff) diff --git a/tests/test-packets.c b/tests/test-packets.c index 464a8eb7..dda4797f 100644 --- a/tests/test-packets.c +++ b/tests/test-packets.c @@ -39,10 +39,126 @@ test_ipv4_cidr(void) assert(!ip_is_cidr(htonl(0xffffffd0))); } +static void +test_ipv6_static_masks(void) +{ + /* The 'exact' and 'any' addresses should be identical to + * 'in6addr_exact' and 'in6addr_any' definitions, but we redefine + * them here since the pre-defined ones are used in the functions + * we're testing. */ + struct in6_addr exact = {{{ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, \ + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff }}}; + + struct in6_addr any = {{{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, \ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }}}; + + struct in6_addr neither = {{{ 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, \ + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef }}}; + + assert(ipv6_mask_is_exact(&exact)); + assert(!ipv6_mask_is_exact(&any)); + assert(!ipv6_mask_is_exact(&neither)); + + assert(!ipv6_mask_is_any(&exact)); + assert(ipv6_mask_is_any(&any)); + assert(!ipv6_mask_is_any(&neither)); + +} + +static void +test_ipv6_cidr(void) +{ + struct in6_addr dest; + + struct in6_addr src = {{{ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, \ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }}}; + + dest = ipv6_create_mask(0); + assert(ipv6_mask_is_any(&dest)); + assert(ipv6_count_cidr_bits(&dest) == 0); + assert(ipv6_is_cidr(&dest)); + + dest = ipv6_create_mask(128); + assert(ipv6_mask_is_exact(&dest)); + assert(ipv6_count_cidr_bits(&dest) == 128); + assert(ipv6_is_cidr(&dest)); + + dest = ipv6_create_mask(1); + assert(ipv6_count_cidr_bits(&dest) == 1); + assert(ipv6_is_cidr(&dest)); + + dest = ipv6_create_mask(13); + assert(ipv6_count_cidr_bits(&dest) == 13); + assert(ipv6_is_cidr(&dest)); + + dest = ipv6_create_mask(64); + assert(ipv6_count_cidr_bits(&dest) == 64); + assert(ipv6_is_cidr(&dest)); + + dest = ipv6_create_mask(95); + assert(ipv6_count_cidr_bits(&dest) == 95); + assert(ipv6_is_cidr(&dest)); + + dest = ipv6_create_mask(96); + assert(ipv6_count_cidr_bits(&dest) == 96); + assert(ipv6_is_cidr(&dest)); + + dest = ipv6_create_mask(97); + assert(ipv6_count_cidr_bits(&dest) == 97); + assert(ipv6_is_cidr(&dest)); + + dest = ipv6_create_mask(127); + assert(ipv6_count_cidr_bits(&dest) == 127); + assert(ipv6_is_cidr(&dest)); + + src.s6_addr[8] = 0xf0; + assert(ipv6_is_cidr(&src)); + assert(ipv6_count_cidr_bits(&src) == 68); + + src.s6_addr[15] = 0x01; + assert(!ipv6_is_cidr(&src)); + src.s6_addr[15] = 0x00; + assert(ipv6_is_cidr(&src)); + + src.s6_addr[8] = 0x0f; + assert(!ipv6_is_cidr(&src)); +} + + +static void +test_ipv6_masking(void) +{ + struct in6_addr dest; + struct in6_addr mask; + + mask = ipv6_create_mask(0); + dest = ipv6_addr_bitand(&in6addr_exact, &mask); + assert(ipv6_count_cidr_bits(&dest) == 0); + + mask = ipv6_create_mask(1); + dest = ipv6_addr_bitand(&in6addr_exact, &mask); + assert(ipv6_count_cidr_bits(&dest) == 1); + + mask = ipv6_create_mask(13); + dest = ipv6_addr_bitand(&in6addr_exact, &mask); + assert(ipv6_count_cidr_bits(&dest) == 13); + + mask = ipv6_create_mask(127); + dest = ipv6_addr_bitand(&in6addr_exact, &mask); + assert(ipv6_count_cidr_bits(&dest) == 127); + + mask = ipv6_create_mask(128); + dest = ipv6_addr_bitand(&in6addr_exact, &mask); + assert(ipv6_count_cidr_bits(&dest) == 128); +} + int main(void) { test_ipv4_cidr(); + test_ipv6_static_masks(); + test_ipv6_cidr(); + test_ipv6_masking(); return 0; } |