Add a restriction on the target protocol address to match the configured subnet. All other ARP packets are invalid in this context.
Reported-at: https://bugzilla.redhat.com/1729846 Reported-by: Haidong Li <[email protected]> CC: Han Zhou <[email protected]> Fixes: b068454082f5 ("ovn-northd: Support learning neighbor from ARP request.") Signed-off-by: Dumitru Ceara <[email protected]> --- ovn/northd/ovn-northd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index eb6c47c..29fc726 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -6326,9 +6326,12 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) { ds_clear(&match); ds_put_format(&match, - "inport == %s && arp.spa == %s/%u && arp.op == 1", + "inport == %s && arp.spa == %s/%u && " + "arp.tpa == %s/%u && arp.op == 1", op->json_key, op->lrp_networks.ipv4_addrs[i].network_s, + op->lrp_networks.ipv4_addrs[i].plen, + op->lrp_networks.ipv4_addrs[i].network_s, op->lrp_networks.ipv4_addrs[i].plen); if (op->od->l3dgw_port && op == op->od->l3dgw_port && op->od->l3redirect_port) { -- 1.8.3.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
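Review bot: The new "arp.tpa == %s/%u" term in the ds_put_format() call in build_lrouter_flows() has no accompanying comment or test, so the reason for constraining the target protocol address is only recorded in the commit message. The same network_s and plen pair is now passed twice, once for arp.spa and once for arp.tpa, and with four positional arguments after op->json_key it is easy to misorder them in a later edit; a one-line comment above the format string stating that both sender and target must fall in the port's configured subnet would make the intent visible at the call site. The diffstat shows only ovn/northd/ovn-northd.c changed, so consider adding a test case that sends an ARP request with a target address outside the subnet and checks that no neighbor is learned, and updating any description of this flow's match that exists in the documentation.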
