From 8a084805544a4676aeb4a9182032297897e590e0 Mon Sep 17 00:00:00 2001 From: Brian Haley Date: Thu, 2 Jul 2015 15:56:51 -0400 Subject: [PATCH] Install more-specific ICMPv6 rule in DVR routers The Openflow rule added in install_dvr_process_ipv6() is dropping all ICMPv6 traffic, not just the Router Advertisement the comment mentions. This is causing things like ping6 to fail to VMs on DVR compute nodes because the reply packets are getting dropped in the local DVR router before being sent to br-tun. Change-Id: I14741dd4293e7cfb99cb6bba03cf583ca3ea82ef Closes-bug: 1471000 --- .../agent/openflow/ovs_ofctl/br_dvr_process.py | 4 ++++ .../agent/openflow/ovs_ofctl/ovs_bridge_test_base.py | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_dvr_process.py b/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_dvr_process.py index 46db4ec697b..6fdb06440e0 100644 --- a/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_dvr_process.py +++ b/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_dvr_process.py @@ -29,6 +29,8 @@ # License for the specific language governing permissions and limitations # under the License. +from neutron.common import constants + class OVSDVRProcessMixin(object): """Common logic for br-tun and br-phys' DVR_PROCESS tables. @@ -58,6 +60,7 @@ class OVSDVRProcessMixin(object): priority=3, dl_vlan=vlan_tag, proto='icmp6', + icmp_type=constants.ICMPV6_TYPE_RA, dl_src=gateway_mac, actions='drop') @@ -65,6 +68,7 @@ class OVSDVRProcessMixin(object): self.delete_flows(table=self.dvr_process_table_id, dl_vlan=vlan_tag, proto='icmp6', + icmp_type=constants.ICMPV6_TYPE_RA, dl_src=gateway_mac) def install_dvr_process(self, vlan_tag, vif_mac, dvr_mac_address): diff --git a/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/ovs_bridge_test_base.py b/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/ovs_bridge_test_base.py index fabf698a818..ad9de289fc3 100644 --- a/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/ovs_bridge_test_base.py +++ b/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/ovs_bridge_test_base.py @@ -16,6 +16,8 @@ import mock +from neutron.common import constants + from neutron.tests.unit.plugins.ml2.drivers.openvswitch.agent \ import ovs_test_base @@ -112,7 +114,8 @@ class OVSDVRProcessTestMixin(object): expected = [ call.add_flow(table=self.dvr_process_table_id, proto='icmp6', dl_src=gateway_mac, actions='drop', - priority=3, dl_vlan=vlan_tag), + priority=3, dl_vlan=vlan_tag, + icmp_type=constants.ICMPV6_TYPE_RA), ] self.assertEqual(expected, self.mock.mock_calls) @@ -124,7 +127,8 @@ class OVSDVRProcessTestMixin(object): expected = [ call.delete_flows(table=self.dvr_process_table_id, dl_vlan=vlan_tag, dl_src=gateway_mac, - proto='icmp6'), + proto='icmp6', + icmp_type=constants.ICMPV6_TYPE_RA), ] self.assertEqual(expected, self.mock.mock_calls)