[ovs-git] [openvswitch/ovs] 685f4d: ovn: Add l3 port security for IPv4 and IPv6

GitHub noreply at github.com
Fri Mar 18 23:49:38 UTC 2016


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 685f4dfe09f2b0ed859dfcbc7e454c6f7196cefb
      https://github.com/openvswitch/ovs/commit/685f4dfe09f2b0ed859dfcbc7e454c6f7196cefb
  Author: Numan Siddique <nusiddiq at redhat.com>
  Date:   2016-03-18 (Fri, 18 Mar 2016)

  Changed paths:
    M lib/packets.h
    M ovn/northd/ovn-northd.8.xml
    M ovn/northd/ovn-northd.c
    M ovn/ovn-nb.xml
    M tests/ovn.at

  Log Message:
  -----------
  ovn: Add l3 port security for IPv4 and IPv6

This patch extends the port security to support L3.
The ingress stage 'ls_in_port_sec' is renamed to 'ls_in_port_sec_l2'
and 2 new stages 'ls_in_port_sec_ip' (table 1) and 'ls_in_port_sec_nd'
(table 2) are added. 'ls_in_port_sec_ip' adds flows to restrict
the IPv4 and IPv6 traffic to valid IPv4 and IPv6 addresses of the port.
'ls_in_port_sec_nd' adds flows to restricts the ARP and IPv6 ND
packets.

For egress pipeline, 'ls_out_port_sec' is renamed to 'ls_out_port_sec_l2'
and a new stage 'ls_out_port_sec_ip' is added before 'ls_out_port_sec_l2'
to restrict the IPv4 and IPv6 traffic for valid IPs.

Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Co-authored-by: Ben Pfaff <blp at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>




More information about the git mailing list