"dev" <dev-boun...@openvswitch.org> wrote on 05/20/2016 02:48:16 PM:
> From: Dustin Lundquist <dus...@null-ptr.net> > To: dev@openvswitch.org > Date: 05/20/2016 02:47 PM > Subject: [ovs-dev] [ovs-dev, v2][PATCH] ovn-northd: Restrict use of > unspecified source addresses > Sent by: "dev" <dev-boun...@openvswitch.org> > > Restrict use of the unspecified source addresses (:: and 0.0.0.0) to > traffic necessary to obtain an IP address. DHCP discovery messages for > the IPv4 case, and ICMP6 types necessary for duplicate address detection > for IPv6. > > This breaks the existing ovn -- portsecurity : 3 HVs, 1 LS, 3 lports/HV > test since it tests sourcing IPv6 packets from the unspecified address > with and invalid ICMPv6 type (0). Modified this test should be extended > to verify ICMPv6 types for DAD are permitted, and other IPv6 traffic > sourced from the unspecified address are dropped. > > Signed-off-by: Dustin Lundquist <dus...@null-ptr.net> I've looked at this both by inspection and by looking at the resulting rules that come out of running the unit test case and they all look sane to me... Acked-by: Ryan Moats <rmo...@us.ibm.com> _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
