[ovs-dev] [PATCH 1/2] ovn-northd: LR respond ARP from valid subnet only.

Ben Pfaff blp at ovn.org
Tue Aug 21 22:38:26 UTC 2018


On Tue, Aug 21, 2018 at 03:03:16PM -0700, Han Zhou wrote:
> On Tue, Aug 21, 2018 at 11:36 AM Ben Pfaff <blp at ovn.org> wrote:
> >
> > On Sun, Aug 19, 2018 at 10:27:30PM -0700, Han Zhou wrote:
> > > Currently ovn LR datapath responds ARP requests even if the ARP
> > > requestor's src IP doesn't belong to the LR port's subnets. This
> > > may generate unnecessary ARP responses and there could also be
> > > security concerns. This patch restricts the ARP response only if
> > > the requestor's IP matches the LR port's subnets.
> > >
> > > Signed-off-by: Han Zhou <hzhou8 at ebay.com>
> >
> > Thanks, this series seems fine and the tests pass, so I applied it to
> > master.
> 
> Thanks Ben. Shall we backport to at least 2.9 and 2.10? Without this, GARP
> request won't work for mac-binding update.

How much of a problem is it in practice?  The patch series was the first
I'd heard of the problem.

