[ovs-dev] [PATCH ovn v3 02/10] ovn-northd: Port security allows receiving packets to multicast/broadcast.
Ben Pfaff
blp at nicira.com
Fri Apr 24 22:34:52 UTC 2015
Otherwise ARP and other broadcast protocols would be problematic.
Reported-by: Justin Pettit <jpettit at nicira.com>
Signed-off-by: Ben Pfaff <blp at nicira.com>
---
ovn/northd/ovn-northd.c | 3 +++
ovn/ovn-nb.xml | 3 ++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 4f64d49..b0c6b4e 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -414,6 +414,9 @@ build_pipeline(struct northd_context *ctx)
}
/* Table 3: Egress port security. */
+ NBREC_LOGICAL_SWITCH_FOR_EACH (lswitch, ctx->ovnnb_idl) {
+ pipeline_add(&pc, lswitch, 3, 100, "eth.dst[40]", "output;");
+ }
NBREC_LOGICAL_PORT_FOR_EACH (lport, ctx->ovnnb_idl) {
struct ds match;
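Review bot: The new "eth.dst[40]" match in table 3 has no comment, and nothing here says that bit 40 of the destination is the Ethernet group (multicast) bit, which is also set in the broadcast address. A one-line comment above the loop would make that clear, along with the fact that the flow is installed per logical switch with no outport match, so it applies to every port on the switch regardless of that port's port_security setting. It is also worth stating why priority 100 was chosen relative to the per-port flows added in the NBREC_LOGICAL_PORT_FOR_EACH loop that follows, since those priorities are not visible in this hunk and the exemption only works if this flow is not shadowed by them.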
diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
index bd9f8a2..2e792a7 100644
--- a/ovn/ovn-nb.xml
+++ b/ovn/ovn-nb.xml
@@ -140,7 +140,8 @@
A set of L2 (Ethernet) or L3 (IPv4 or IPv6) addresses or L2+L3 pairs
from which the logical port is allowed to send packets and to which it
is allowed to receive packets. If this column is empty, all addresses
- are permitted.
+ are permitted. Logical ports are always allowed to receive packets
+ addressed to multicast and broadcast addresses.
</p>
<p>
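Review bot: The added sentence says "multicast and broadcast addresses" without qualification, while the same paragraph covers both L2 and L3 addresses and the flow added in ovn-northd.c matches only on the Ethernet destination ("eth.dst[40]"). Suggest wording it as "Ethernet multicast and broadcast addresses" so readers do not assume the exemption is keyed on an IP multicast or broadcast destination. It would also help to say explicitly that the exemption applies to receiving only and that the restriction on source addresses is unchanged.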
--
1.7.10.4