[ovs-dev] [ovs-dev, v2][PATCH] ovn-northd: Restrict use of unspecified source addresses

Ryan Moats rmoats at us.ibm.com
Mon May 23 15:00:52 UTC 2016


"dev" <dev-bounces at openvswitch.org> wrote on 05/20/2016 02:48:16 PM:

> From: Dustin Lundquist <dustin at null-ptr.net>
> To: dev at openvswitch.org
> Date: 05/20/2016 02:47 PM
> Subject: [ovs-dev] [ovs-dev, v2][PATCH] ovn-northd: Restrict use of
> unspecified source addresses
> Sent by: "dev" <dev-bounces at openvswitch.org>
>
> Restrict use of the unspecified source addresses (:: and 0.0.0.0) to
> traffic necessary to obtain an IP address. DHCP discovery messages for
> the IPv4 case, and ICMP6 types necessary for duplicate address detection
> for IPv6.
>
> This breaks the existing ovn -- portsecurity : 3 HVs, 1 LS, 3 lports/HV
> test since it tests sourcing IPv6 packets from the unspecified address
> with an invalid ICMPv6 type (0). Modified this test should be extended
> to verify ICMPv6 types for DAD are permitted, and other IPv6 traffic
> sourced from the unspecified address is dropped.
>
> Signed-off-by: Dustin Lundquist <dustin at null-ptr.net>

I've looked at this both by inspection and by looking at the resulting
rules that come out of running the unit test case and they all look sane
to me...

Acked-by: Ryan Moats <rmoats at us.ibm.com>
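
The restriction described in the commit message, sketched as a stand-alone packet check. This is an added example, not code from the patch or from anyone in this thread. Assumptions not stated in the thread: DHCP discovery is matched as UDP port 68 to port 67 sent to 255.255.255.255, the duplicate address detection types are ICMPv6 131, 135 and 143, and the names `unspecified_source_allowed`, `v4` and `v6` are hypothetical.

```python
import ipaddress
import struct

# Assumption, not stated on the page: the ICMPv6 types a host sends from "::"
# during duplicate address detection are MLD report (131), neighbor
# solicitation (135) and MLDv2 report (143).
DAD_ICMP6_TYPES = {131, 135, 143}


def unspecified_source_allowed(pkt: bytes) -> bool:
    """Decide whether a raw IP packet (no L2 header) passes the check.

    Packets with a specified source return True: they are left to the other
    port-security checks."""
    if len(pkt) < 20:
        return False
    version = pkt[0] >> 4
    if version == 4:
        if pkt[12:16] != bytes(4):
            return True
        ihl = (pkt[0] & 0x0F) * 4
        if pkt[9] != 17 or pkt[16:20] != b"\xff" * 4 or len(pkt) < ihl + 4:
            return False
        # DHCP discovery: UDP client port 68 to server port 67, broadcast.
        return struct.unpack("!HH", pkt[ihl:ihl + 4]) == (68, 67)
    if version == 6 and len(pkt) > 40:
        if pkt[8:24] != bytes(16):
            return True
        next_hdr, off = pkt[6], 40
        if next_hdr == 0:  # hop-by-hop options (MLD carries Router Alert)
            if len(pkt) < 42:
                return False
            next_hdr, off = pkt[40], 40 + (pkt[41] + 1) * 8
        return next_hdr == 58 and len(pkt) > off and pkt[off] in DAD_ICMP6_TYPES
    return False


def v4(src, dst, proto, l4):
    """Build a constructed IPv4 packet for trying the check."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + l4


def v6(src, next_hdr, payload):
    """Build a constructed IPv6 packet addressed to ff02::1."""
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_hdr, 255,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address("ff02::1").packed) + payload
```

An ICMPv6 type 0 packet from `::`, the case the commit message says the existing port-security test sends, is rejected by this check.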


