On Tue, Aug 21, 2018 at 03:03:16PM -0700, Han Zhou wrote: > On Tue, Aug 21, 2018 at 11:36 AM Ben Pfaff <[email protected]> wrote: > > > > On Sun, Aug 19, 2018 at 10:27:30PM -0700, Han Zhou wrote: > > > Currently ovn LR datapath responds ARP requests even if the ARP > > > requestor's src IP doesn't belong to the LR port's subnets. This > > > may generate unnecessary ARP responses and there could also be > > > security concerns. This patch restricts the ARP response only if > > > the requestor's IP matches the LR port's subnets. > > > > > > Signed-off-by: Han Zhou <[email protected]> > > > > Thanks, this series seems fine and the tests pass, so I applied it to > > master. > > Thanks Ben. Shall we backport to at least 2.9 and 2.10? Without this, GARP > request won't work for mac-binding update.
How much of a problem is it in practice? The patch series was the first I'd heard of the problem. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
