[ovs-discuss] Q. about IP-, MAC-, arp-spoofing

Luiz Ozaki luiz.ozaki at locaweb.com.br
Thu Jul 26 19:26:09 UTC 2012


On 7/26/12 4:01 PM, Jesse Gross wrote:
> OVS can match on all protocol fields in an ARP packet:
> Ethernet source MAC: dl_src
> Ethernet dest MAC: dl_dst
> ARP source protocol address: nw_src
> ARP source hardware address: arp_sha
> ARP target protocol address: nw_dst
> ARP target hardware address: arp_tha

As in the manpage too:

nw_src turns into arp_sha and nw_dst into arp_tha if it's ARP, right?

nw_src=ip[/netmask]
nw_dst=ip[/netmask]

When dl_type is 0x0800 (possibly via shorthand, e.g. ip or tcp),
matches IPv4 source (or destination) address ip, which may be specified
as an IP address or host name (e.g. 192.168.1.1 or www.example.com).
The optional netmask allows restricting a match to an IPv4 address
prefix. The netmask may be specified as a dotted quad
(e.g. 192.168.1.0/255.255.255.0) or as a CIDR block
(e.g. 192.168.1.0/24). Open vSwitch 1.8 and later support arbitrary
dotted quad masks; earlier versions support only CIDR masks, that is,
the dotted quads that are equivalent to some CIDR block.

When dl_type=0x0806 or arp is specified, matches the ar_spa or ar_tpa
field, respectively, in ARP packets for IPv4 and Ethernet.


Actually, there are some typos in there, no? ar_spa and ar_tpa?
Is that right?

Shouldn't it be arp_spa and arp_tpa? Or arp_sha and arp_tha?

-- 
Luiz Henrique Ozaki
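
Added example, not part of the original message or of Open vSwitch: a Python decoder that labels the bytes of an ARP frame with the match-field names from Jesse Gross's list, plus a per-port sender check of the kind an anti-spoofing rule set would enforce. The helper names, the binding check and the sample frames are assumptions constructed for illustration.

```python
import socket
import struct

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def ovs_arp_fields(frame: bytes) -> dict:
    """Decode an Ethernet/ARP frame into the match-field names listed in the thread."""
    if len(frame) < 42:
        raise ValueError("truncated frame")
    dl_dst, dl_src, dl_type = struct.unpack("!6s6sH", frame[:14])
    if dl_type != 0x0806:
        raise ValueError("dl_type is not 0x0806 (ARP)")
    htype, ptype, hlen, plen, _op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP for IPv4 and Ethernet")
    return {
        "dl_src": _mac(dl_src), "dl_dst": _mac(dl_dst),
        "nw_src": socket.inet_ntoa(spa),   # ARP source protocol address
        "arp_sha": _mac(sha),              # ARP source hardware address
        "nw_dst": socket.inet_ntoa(tpa),   # ARP target protocol address
        "arp_tha": _mac(tha),              # ARP target hardware address
    }

def binding_violations(fields: dict, port_mac: str, port_ip: str) -> list:
    """Hypothetical per-port check: sender fields that disagree with the binding."""
    expected = {"dl_src": port_mac, "arp_sha": port_mac, "nw_src": port_ip}
    return [name for name, want in expected.items() if fields[name] != want]

def build_arp_request(dl_src: str, sha: str, spa: str, tpa: str) -> bytes:
    """Construct a sample broadcast ARP request (test data, not captured traffic)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    return (b"\xff" * 6 + m(dl_src)
            + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, 1)
            + m(sha) + socket.inet_aton(spa) + b"\x00" * 6 + socket.inet_aton(tpa))

VM_MAC, VM_IP = "52:54:00:aa:bb:01", "10.0.0.5"   # constructed port binding

if __name__ == "__main__":
    samples = {
        "honest": build_arp_request(VM_MAC, VM_MAC, VM_IP, "10.0.0.1"),
        "claims another IP": build_arp_request(VM_MAC, VM_MAC, "10.0.0.1", "10.0.0.9"),
        "forged arp_sha": build_arp_request(VM_MAC, "52:54:00:aa:bb:99", VM_IP, "10.0.0.1"),
    }
    for label, frame in samples.items():
        print(label, binding_violations(ovs_arp_fields(frame), VM_MAC, VM_IP))
```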
