[ovs-dev] [PATCH V1 1/1] Support for Flooding ARP Probes in Provider Network

Gangadhar Vegesana grvegesa at us.ibm.com
Thu Apr 7 18:43:11 UTC 2016 

Clients that supports RFC 5227, probes the the newly received IP address
from DHCP server. These probes should be received by all the VM's on
the provider network(localnet). I added any entry in ARP response table
to do that broadcast with higher priority value than that of ARP response
entries. The ARP probe packets with src=0.0.0.0 should not be dropped.
As of now there is check in ARP spoofing table to drop these packets.
Added another check to allow these packets

Signed-off-by:  Gangadhar Vegesana <grvegesa at us.ibm.com>

---
 ovn/northd/ovn-northd.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 4b1d611..5805f8b 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -1179,7 +1179,7 @@ build_port_security_nd(struct ovn_port *op, struct hmap *lflows)
             if (ps.n_ipv4_addrs) {
                 ds_put_cstr(&match, " && (");
                 for (size_t i = 0; i < ps.n_ipv4_addrs; i++) {
-                    ds_put_format(&match, "arp.spa == "IP_FMT" || ",
+                    ds_put_format(&match, "arp.spa == {"IP_FMT",0.0.0.0}",
                                   IP_ARGS(ps.ipv4_addrs[i].addr));
                 }
                 ds_chomp(&match, ' ');
@@ -1471,6 +1471,17 @@ build_acls(struct ovn_datapath *od, struct hmap *lflows, struct hmap *ports)
         }
     }
 }
+static bool
+is_port_on_localnet(struct ovn_datapath *od)
+{
+    for (size_t i = 0; i < od->nbs->n_ports; i++) {
+        struct nbrec_logical_port *port = od->nbs->ports[i];
+        if (!strcmp(port->type, "localnet")) {
+            return true;
+        }
+    }
+    return false;
+}
 
 static void
 build_lswitch_flows(struct hmap *datapaths, struct hmap *ports,
@@ -1583,6 +1594,14 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports,
             continue;
         }
 
+        if (op->od && is_port_on_localnet(op->od)) {
+            /* This entry is for ARP Probe, where SRC IP = 0.0.0.0
+             * (priority 60) */
+            char* match = xasprintf( "arp.op == 1 && arp.spa == 0");
+            ovn_lflow_add(lflows, op->od, S_SWITCH_IN_ARP_RSP, 60,
+                    match, "next;");
+            free(match);
+        }
         for (size_t i = 0; i < op->nbs->n_addresses; i++) {
             struct lport_addresses laddrs;
             if (!extract_lport_addresses(op->nbs->addresses[i], &laddrs,
-- 
2.6.3

More information about the dev mailing list