git.cascardo.info Git - cascardo/ovs.git/commit

author	Numan Siddique <nusiddiq@redhat.com>
	Wed, 2 Mar 2016 19:08:42 +0000 (00:38 +0530)
committer	Ben Pfaff <blp@ovn.org>
	Fri, 18 Mar 2016 23:49:21 +0000 (16:49 -0700)
commit	685f4dfe09f2b0ed859dfcbc7e454c6f7196cefb
tree	11d462dc47dfa482e65bf32afd943e4bec5fb651	tree \| snapshot
parent	8743fa8cb61b1672cc506d515efd5703e3795c23	commit \| diff

ovn: Add l3 port security for IPv4 and IPv6

This patch extends the port security to support L3.
The ingress stage 'ls_in_port_sec' is renamed to 'ls_in_port_sec_l2'
and 2 new stages 'ls_in_port_sec_ip' (table 1) and 'ls_in_port_sec_nd'
(table 2) are added. 'ls_in_port_sec_ip' adds flows to restrict
the IPv4 and IPv6 traffic to valid IPv4 and IPv6 addresses of the port.
'ls_in_port_sec_nd' adds flows to restricts the ARP and IPv6 ND
packets.

For egress pipeline, 'ls_out_port_sec' is renamed to 'ls_out_port_sec_l2'
and a new stage 'ls_out_port_sec_ip' is added before 'ls_out_port_sec_l2'
to restrict the IPv4 and IPv6 traffic for valid IPs.

Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>

lib/packets.h		diff \| blob \| history
ovn/northd/ovn-northd.8.xml		diff \| blob \| history
ovn/northd/ovn-northd.c		diff \| blob \| history
ovn/ovn-nb.xml		diff \| blob \| history
tests/ovn.at		diff \| blob \| history