On 09/16/2015 11:24 AM, Ben Pfaff wrote:
On Thu, Sep 10, 2015 at 10:22:46PM -0400, Brian Haley wrote:
On 9/10/15 2:54 PM, Ben Pfaff wrote:
diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
+ <dt><code>80:fa:5b:06:72:b7 192.168.1.10/24</code></dt>
IPv6 too ? :)
I don't think an IPv6 example would clarify anything.
I mentioned it because in the IPv4 example (below) it also mentions the other
addresses that would be allowed. For example, does:
80:fa:5b:06:72:b7 2001:db8::82fa:5bff:fe06:72b7/64
also imply that fe80::82fa:5bff:fe06:72b7 is allowed?
The text had also mentioned allowing ff00::/8, but in an example like this I
would also think that a restriction would be applied for the solicited-node
address ff02::1:fe06:72b7 ?
Thanks,
-Brian
+ <dd>
+ This adds further restrictions to the first example. The host may
+ send IPv4 packets from or receive IPv4 packets to only 192.168.1.10,
+ except that it may also receive IPv4 packets to 192.168.1.255 (based
+ on the subnet mask), 255.255.255.255, and any address n 224.0.0.0/4.
+ The host may not send ARPs with a source Ethernet address other than
+ 80:fa:5b:06:72:b7 or source IPv4 address other than 192.168.1.10.
What about the Source Hardware Address (SHA) in the ARP reply? That doesn't
have to match the Ethernet hardware address. Or is that what you're talking
about - what's in the ARP reply part of the packet?
I'll add (SHA) and (SPA) in the text above to clarify.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
