I have viewed the ovs-ofctl man page, I found that the arp match has only
arp_sha and arp_dha. It can't match the source ip in arp(SPA) and destination
ip(DPA) in arp. Without this, the arp spoofing can't be prevented.
OVS replaces the bridge default in kernel. Ebtables can't work. But now
OVS doesn't have enough function to replace eatables. For example, arp_reply
module in eatables.
I have successfully realized the broute which is in eatables by OVS._______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
