Re: [ovs-dev] [PATCH] ovn-nb: Add port_security proposal.

2015-09-16 Thread Brian Haley
On 09/16/2015 11:24 AM, Ben Pfaff wrote: On Thu, Sep 10, 2015 at 10:22:46PM -0400, Brian Haley wrote: On 9/10/15 2:54 PM, Ben Pfaff wrote: diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml +80:fa:5b:06:72:b7 192.168.1.10/24 IPv6 too ? :) I don't think an IPv6 example would clarify any

Re: [ovs-dev] [PATCH] ovn-nb: Add port_security proposal.

2015-09-16 Thread Ben Pfaff
On Thu, Sep 10, 2015 at 10:22:46PM -0400, Brian Haley wrote: > On 9/10/15 2:54 PM, Ben Pfaff wrote: > >diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml > > >+80:fa:5b:06:72:b7 192.168.1.10/24 > > IPv6 too ? :) I don't think an IPv6 example would clarify anything. > >+ > >+

Re: [ovs-dev] [PATCH] ovn-nb: Add port_security proposal.

2015-09-10 Thread Brian Haley
On 9/10/15 2:54 PM, Ben Pfaff wrote: diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml +80:fa:5b:06:72:b7 192.168.1.10/24 IPv6 too ? :) + + This adds further restrictions to the first example. The host may + send IPv4 packets from or receive IPv4 packets to on
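Review bot: in the added description for the `80:fa:5b:06:72:b7 192.168.1.10/24` example, the phrase "send IPv4 packets from or receive IPv4 packets to" leaves both prepositions hanging and is hard to parse on first read. Consider stating the two directions separately, for example "may send IPv4 packets only from ..." and "may receive IPv4 packets only to ...", so the reader can see which addresses apply as a source and which as a destination.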

[ovs-dev] [PATCH] ovn-nb: Add port_security proposal.

2015-09-10 Thread Ben Pfaff
The "obvious" implementation of port security based on this proposal would be a single long match expression. For example, suppose that the port_security expression is "00:00:00:00:00:01 192.168.0.1". Then one might naturally write: eth.src == 00:00:00:00:00:01 && (!arp || (arp