On Tue, Apr 21, 2015 at 03:58:34PM -0700, Justin Pettit wrote:
>
> > On Apr 21, 2015, at 2:22 PM, Ben Pfaff <[email protected]> wrote:
> >
> > + <dt><code>lport-set-port-security</code> <var>lport</var>
> > [<var>addrs</var>]...</dt>
> > + <dd>
> > + Sets the port security addresses associated with <var>lport</var>
> > to
> > + <var>addrs</var>. Multiple sets of addresses may be set by using
> > + multiple <var>addrs</var> arguments. If no <var>addrs</var>
> > argument
> > + is given, <var>lport</var> will not have port security enabled.
> > + </dd>
>
> Do you think it's worth mentioning that port security limits the
> addresses that this lport can use to send and what addresses it is
> allowed to receive?
Yes. I added a paragraph:
<p>
Port security limits the addresses from which a logical port may send
packets and to which it may receive packets. See the
<code>ovn-nb</code>(5) documentation for the <ref
column="port_security" table="Logical_Port"/> column in the <ref
table="Logical_Port"/> table for details.
</p>
> Also, do you think it's worth mentioning that only Ethernet addresses
> are supported at the moment?
I don't expect that limitation to last long, because it's not difficult
to write L3 port security rules, I just got tangled up trying to figure
out what semantics we actually want, so I'd rather leave it out.
> > + .name = "lport-get-port_security",
>
> I think that should be "port-security".
Oops, fixed.
> Acked-by: Justin Pettit <[email protected]>
Thanks, I applied this to ovn.
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
