[ovs-git] [openvswitch/ovs] 9e687b: ovn-northd: Restrict use of unspecified source add...
GitHub
noreply at github.com
Thu Jun 2 22:30:49 UTC 2016
Branch: refs/heads/master
Home: https://github.com/openvswitch/ovs
Commit: 9e687b239a801d822de015bfc9d09d6c8dc40bfc
https://github.com/openvswitch/ovs/commit/9e687b239a801d822de015bfc9d09d6c8dc40bfc
Author: Dustin Lundquist <dustin at null-ptr.net>
Date: 2016-06-02 (Thu, 02 Jun 2016)
Changed paths:
M ovn/northd/ovn-northd.8.xml
M ovn/northd/ovn-northd.c
M tests/ovn.at
Log Message:
-----------
ovn-northd: Restrict use of unspecified source addresses
Restrict use of the unspecified source addresses (:: and 0.0.0.0) to
traffic necessary to obtain an IP address. DHCP discovery messages for
the IPv4 case, and ICMP6 types necessary for duplicate address detection
for IPv6.
This breaks the existing ovn -- portsecurity : 3 HVs, 1 LS, 3 lports/HV
test since it tests sourcing IPv6 packets from the unspecified address
with and invalid ICMPv6 type (0). Modified this test should be extended
to verify ICMPv6 types for DAD are permitted, and other IPv6 traffic
sourced from the unspecified address are dropped.
Signed-off-by: Dustin Lundquist <dustin at null-ptr.net>
Signed-off-by: Ben Pfaff <blp at ovn.org>
More information about the git
mailing list