ovn-northd: Port security allows receiving packets to multicast/broadcast.

author Ben Pfaff <blp@nicira.com>

Wed, 22 Apr 2015 01:04:39 +0000 (18:04 -0700)

committer Ben Pfaff <blp@nicira.com>

Tue, 28 Apr 2015 23:58:04 +0000 (16:58 -0700)
author Ben Pfaff <blp@nicira.com>
Wed, 22 Apr 2015 01:04:39 +0000 (18:04 -0700)
committer Ben Pfaff <blp@nicira.com>
Tue, 28 Apr 2015 23:58:04 +0000 (16:58 -0700)
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c

index e80c8e6..311baa5 100644 (file)
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -442,6 +442,9 @@ build_pipeline(struct northd_context *ctx)
      }
  
      /* Table 3: Egress port security. */
+    NBREC_LOGICAL_SWITCH_FOR_EACH (lswitch, ctx->ovnnb_idl) {
+        pipeline_add(&pc, lswitch, 3, 100, "eth.dst[40]", "output;");
+    }
      NBREC_LOGICAL_PORT_FOR_EACH (lport, ctx->ovnnb_idl) {
          struct ds match;
  
diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml

index bd9f8a2..2e792a7 100644 (file)
--- a/ovn/ovn-nb.xml
+++ b/ovn/ovn-nb.xml
@@ -140,7 +140,8 @@
          A set of L2 (Ethernet) or L3 (IPv4 or IPv6) addresses or L2+L3 pairs
          from which the logical port is allowed to send packets and to which it
          is allowed to receive packets.  If this column is empty, all addresses
-        are permitted.
+        are permitted.  Logical ports are always allowed to receive packets
+        addressed to multicast and broadcast addresses.
        </p>
  
        <p>
author	Ben Pfaff <blp@nicira.com>
	Wed, 22 Apr 2015 01:04:39 +0000 (18:04 -0700)
committer	Ben Pfaff <blp@nicira.com>
	Tue, 28 Apr 2015 23:58:04 +0000 (16:58 -0700)
ovn/northd/ovn-northd.c		patch \| blob \| history
ovn/ovn-nb.xml		patch \| blob \| history