[ovs-dev] [PATCH] Restrict use of unspecified source addresses

Numan Siddique nusiddiq at redhat.com
Thu May 19 08:31:13 UTC 2016


On Wed, May 18, 2016 at 11:26 PM, Dustin Lundquist <dustin at null-ptr.net>
wrote:

> Restrict use of the unspecified source addresses (:: and 0.0.0.0) to
> traffic necessary to obtain an IP address. DHCP discovery messages for
> the IPv4 case, and ICMP6 types necessary for duplicate address detection
> for IPv6.
>
> This breaks the existing ovn -- portsecurity : 3 HVs, 1 LS, 3 lports/HV
> test since it tests sourcing IPv6 packets from the unspecified address
> with and invalid ICMPv6 type (0). Modified this test should be extended
> to verify ICMPv6 types for DAD are permitted, and other IPv6 traffic
> sourced from the unspecified address are dropped.
> ---
>  ovn/northd/ovn-northd.c | 37 +++++++++++++++++++++++++++++++++----
>  tests/ovn.at            | 22 +++++++++++++++++++++-
>  2 files changed, 54 insertions(+), 5 deletions(-)
>
>
​I think you also need to update ovn-northd.8.xml

Thanks
Numan

​


>
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
>



More information about the dev mailing list