Otherwise ARP and other broadcast protocols would be problematic. Reported-by: Justin Pettit <jpet...@nicira.com> Signed-off-by: Ben Pfaff <b...@nicira.com> --- ovn/northd/ovn-northd.c | 3 +++ ovn/ovn-nb.xml | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index 4f64d49..b0c6b4e 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -414,6 +414,9 @@ build_pipeline(struct northd_context *ctx) } /* Table 3: Egress port security. */ + NBREC_LOGICAL_SWITCH_FOR_EACH (lswitch, ctx->ovnnb_idl) { + pipeline_add(&pc, lswitch, 3, 100, "eth.dst[40]", "output;"); + } NBREC_LOGICAL_PORT_FOR_EACH (lport, ctx->ovnnb_idl) { struct ds match; diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml index bd9f8a2..2e792a7 100644 --- a/ovn/ovn-nb.xml +++ b/ovn/ovn-nb.xml @@ -140,7 +140,8 @@ A set of L2 (Ethernet) or L3 (IPv4 or IPv6) addresses or L2+L3 pairs from which the logical port is allowed to send packets and to which it is allowed to receive packets. If this column is empty, all addresses - are permitted. + are permitted. Logical ports are always allowed to receive packets + addressed to multicast and broadcast addresses. </p> <p> -- 1.7.10.4 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev