[ovs-dev] [PATCH] ovs-ofctl: Add support for drop_spoofed_arp action.

Ben Pfaff blp at nicira.com
Thu Sep 9 21:46:34 UTC 2010


Requested-by: Michael Mao <mmao at nicira.com>
---
 lib/ofp-parse.c          |    5 +++++
 utilities/ovs-ofctl.8.in |   10 ++++++++++
 2 files changed, 15 insertions(+), 0 deletions(-)

diff --git a/lib/ofp-parse.c b/lib/ofp-parse.c
index cc1419a..06d5bd1 100644
--- a/lib/ofp-parse.c
+++ b/lib/ofp-parse.c
@@ -263,6 +263,11 @@ str_to_action(char *str, struct ofpbuf *b)
             nast->vendor = htonl(NX_VENDOR_ID);
             nast->subtype = htons(NXAST_SET_TUNNEL);
             nast->tun_id = htonl(str_to_u32(arg));
+        } else if (!strcasecmp(act, "drop_spoofed_arp")) {
+            struct nx_action_header *nah;
+            nah = put_action(b, sizeof *nah, OFPAT_VENDOR);
+            nah->vendor = htonl(NX_VENDOR_ID);
+            nah->subtype = htons(NXAST_DROP_SPOOFED_ARP);
         } else if (!strcasecmp(act, "output")) {
             put_output_action(b, str_to_u32(arg));
         } else if (!strcasecmp(act, "enqueue")) {
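Review bot: The new `drop_spoofed_arp` branch never looks at `arg`, unlike the tunnel-id and `output` branches beside it, so a spec such as `drop_spoofed_arp:1` would apparently be accepted with the stray argument silently discarded. For an anti-spoofing action it is safer to reject a supplied argument explicitly; how `arg` is set when none is given is outside the hunk, so the exact test needs confirming against the parsing code. The branch would also benefit from a comment recording the ordering dependency, e.g. `/* Takes no argument. Only stops later actions, so it must precede any output action to drop anything. */`. The manual text added in utilities/ovs-ofctl.8.in says the action stops processing further actions, which presumably means that actions listed before it still take effect, and an operator who puts it last would get no protection. str_to_action's body begins and ends outside the hunk.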
diff --git a/utilities/ovs-ofctl.8.in b/utilities/ovs-ofctl.8.in
index f51f87a..89f13a5 100644
--- a/utilities/ovs-ofctl.8.in
+++ b/utilities/ovs-ofctl.8.in
@@ -451,6 +451,16 @@ addition to any other actions in this flow entry.  Recursive
 If outputting to a port that encapsulates the packet in a tunnel and supports
 an identifier (such as GRE), sets the identifier to \fBid\fR.
 .
+.IP \fBdrop_spoofed_arp\fR
+Stops processing further actions, if the packet being processed is an
+Ethernet+IPv4 ARP packet for which the source Ethernet address inside
+the ARP packet differs from the source Ethernet address in the
+Ethernet header.
+.
+This is useful because OpenFlow does not provide a way to match on the
+Ethernet addresses inside ARP packets, so there is no other way to
+drop spoofed ARPs other than sending every packet up to the
+controller.
 .RE
 .
 .IP
-- 
1.7.1




