[ovs-dev] [PATCH] Restrict use of unspecified source addresses

Ben Pfaff blp at ovn.org
Fri May 20 15:30:18 UTC 2016


On Wed, May 18, 2016 at 10:56:20AM -0700, Dustin Lundquist wrote:
> Restrict use of the unspecified source addresses (:: and 0.0.0.0) to
> traffic necessary to obtain an IP address. DHCP discovery messages for
> the IPv4 case, and ICMP6 types necessary for duplicate address detection
> for IPv6.
> 
> This breaks the existing ovn -- portsecurity : 3 HVs, 1 LS, 3 lports/HV
> test since it tests sourcing IPv6 packets from the unspecified address
> with an invalid ICMPv6 type (0). Modified this test should be extended
> to verify ICMPv6 types for DAD are permitted, and other IPv6 traffic
> sourced from the unspecified address is dropped.

Thanks for the patch!  I think it's almost ready.

We'll need a Signed-off-by, please see CONTRIBUTING.md for the form and
its meaning.

Please write {} around 'if' statements, e.g. here:
> +    if (pipeline == P_OUT)
> +        ds_put_cstr(match, "ff00::/8, ");
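
Review bot: the `if (pipeline == P_OUT)` condition has no comment saying why `ff00::/8` is appended to the match only for the output pipeline, so a reader of the port security code cannot tell whether leaving it out of the other pipeline is deliberate. Add a one-line comment above the condition stating the reason, and wrap the body in braces: `if (pipeline == P_OUT) {` ... `}`.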

Also, please update the documentation, as suggested by Numan.

Thanks,

Ben.


