[ovs-discuss] Q. about IP-, MAC-, arp-spoofing

Jesse Gross jesse at nicira.com
Thu Jul 26 20:22:33 UTC 2012


On Thu, Jul 26, 2012 at 12:26 PM, Luiz Ozaki <luiz.ozaki at locaweb.com.br> wrote:

>  On 7/26/12 4:01 PM, Jesse Gross wrote:
>
> OVS can match on all protocol fields in an ARP packet:
> Ethernet source MAC: dl_src
> Ethernet dest MAC: dl_dst
> ARP source protocol address: nw_src
> ARP source hardware address: arp_sha
> ARP target protocol address: nw_dst
> ARP target hardware address: arp_tha
>
>
> As in the manpage too:
>
> nw_src turns into arp_sha and nw_dst into arp_tha if it's ARP, right?
>
> No, nw_src is an IP address while arp_sha is a MAC address.


> nw_src=ip[/netmask]
>
> nw_dst=ip[/netmask]
>
> When dl_type is 0x0800 (possibly via shorthand, e.g. ip or tcp),
> matches IPv4 source (or destination) address ip, which may be specified
> as an IP address or host name (e.g. 192.168.1.1 or www.example.com).
> The optional netmask allows restricting a match to an IPv4 address
> prefix. The netmask may be specified as a dotted quad (e.g.
> 192.168.1.0/255.255.255.0) or as a CIDR block (e.g. 192.168.1.0/24).
> Open vSwitch 1.8 and later support arbitrary dotted quad masks; earlier
> versions support only CIDR masks, that is, the dotted quads that are
> equivalent to some CIDR block.
>
> *When dl_type=0x0806 or arp is specified, matches the ar_spa or
> ar_tpa field, respectively, in ARP packets for IPv4 and Ethernet.*
>
> Actually there are some typos in there, no? ar_spa and ar_tpa? Is that right?
>
> Shouldn't it be arp_spa and arp_tpa? Or arp_sha and arp_tha?
>

ar_spa and ar_tpa are common abbreviations for the IP addresses in an ARP
payload.
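
The field mapping discussed in this thread, as an added example that is not part of the original message or of Open vSwitch: it decodes an untagged ARP frame into the six match names from the list above and checks the source-side fields against a port's MAC/IP binding. The helper names, the binding and the sample frames are constructed for illustration.

```python
import socket
import struct

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def _mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def ovs_arp_fields(frame: bytes) -> dict:
    """Decode an untagged Ethernet/IPv4 ARP frame into the six match fields from the list."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet header + ARP payload")
    dl_dst, dl_src, dl_type = struct.unpack("!6s6sH", frame[:14])
    if dl_type != 0x0806:
        raise ValueError("dl_type is not 0x0806 (ARP)")
    htype, ptype, hlen, plen, _op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP for IPv4 over Ethernet")
    return {
        "dl_src": _mac(dl_src), "dl_dst": _mac(dl_dst),  # Ethernet header
        "nw_src": socket.inet_ntoa(spa),   # ar_spa, an IP address
        "arp_sha": _mac(sha),              # ar_sha, a MAC address
        "nw_dst": socket.inet_ntoa(tpa),   # ar_tpa, an IP address
        "arp_tha": _mac(tha),              # ar_tha, a MAC address
    }

def binding_violations(fields: dict, port_mac: str, port_ip: str) -> list:
    """Return the source-side fields that differ from the port's MAC/IP binding."""
    expected = {"dl_src": port_mac, "arp_sha": port_mac, "nw_src": port_ip}
    return [name for name, want in expected.items() if fields[name] != want]

def build_arp(dl_src, dl_dst, sha, spa, tha, tpa, op=1) -> bytes:
    """Construct a sample frame (test input only)."""
    eth = _mac_bytes(dl_dst) + _mac_bytes(dl_src) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return (eth + arp + _mac_bytes(sha) + socket.inet_aton(spa)
            + _mac_bytes(tha) + socket.inet_aton(tpa))

# Constructed samples: a VM bound to 52:54:00:00:00:01 / 192.0.2.10.
VM_MAC, VM_IP = "52:54:00:00:00:01", "192.0.2.10"
BCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
HONEST = build_arp(VM_MAC, BCAST, VM_MAC, VM_IP, ZERO, "192.0.2.1")
# Ethernet header is legitimate, but the ARP payload claims another host's address.
FORGED = build_arp(VM_MAC, BCAST, VM_MAC, "192.0.2.1", ZERO, "192.0.2.20")

if __name__ == "__main__":
    for label, frame in (("honest", HONEST), ("forged", FORGED)):
        f = ovs_arp_fields(frame)
        print(label, f, binding_violations(f, VM_MAC, VM_IP))
```

The forged sample passes a check on dl_src alone, which is why an anti-spoofing rule has to match nw_src and arp_sha in the ARP payload as well.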