[ovs-git] [openvswitch/ovs] 9e687b: ovn-northd: Restrict use of unspecified source add...

GitHub noreply at github.com
Thu Jun 2 22:30:49 UTC 2016


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 9e687b239a801d822de015bfc9d09d6c8dc40bfc
      https://github.com/openvswitch/ovs/commit/9e687b239a801d822de015bfc9d09d6c8dc40bfc
  Author: Dustin Lundquist <dustin at null-ptr.net>
  Date:   2016-06-02 (Thu, 02 Jun 2016)

  Changed paths:
    M ovn/northd/ovn-northd.8.xml
    M ovn/northd/ovn-northd.c
    M tests/ovn.at

  Log Message:
  -----------
  ovn-northd: Restrict use of unspecified source addresses

Restrict use of the unspecified source addresses (:: and 0.0.0.0) to
traffic necessary to obtain an IP address. DHCP discovery messages for
the IPv4 case, and ICMP6 types necessary for duplicate address detection
for IPv6.

This breaks the existing ovn -- portsecurity : 3 HVs, 1 LS, 3 lports/HV
test since it tests sourcing IPv6 packets from the unspecified address
with and invalid ICMPv6 type (0). Modified this test should be extended
to verify ICMPv6 types for DAD are permitted, and other IPv6 traffic
sourced from the unspecified address are dropped.

Signed-off-by: Dustin Lundquist <dustin at null-ptr.net>
Signed-off-by: Ben Pfaff <blp at ovn.org>




More information about the git mailing list