On 04/24/2015 06:34 PM, Ben Pfaff wrote:
> The implementation of port_security was partial, and the specification was
> vague. This reduces both to what was actually meant to be supported at
> this point. It shouldn't be hard to fully implement port security when we
> have a clear specification.
>
> Reported-by: Justin Pettit <jpet...@nicira.com>
> Signed-off-by: Ben Pfaff <b...@nicira.com>
> ---
> ovn/northd/ovn-northd.c | 67
> +++++------------------------------------------
> ovn/ovn-nb.xml | 10 +++----
> 2 files changed, 10 insertions(+), 67 deletions(-)
I took my test env and added 1 MAC address to port_security for a port
and checked the Pipeline table.
The old match on ingress before resubmitting to table 1 was:
"inport == \"sw0-port1\"
and is now:
"inport == \"sw0-port1\" && eth.src == {00:00:00:00:00:01}"
The old match in table 3 for output was:
"outport == \"sw0-port1\"
and is now:
"outport == \"sw0-port1\" && eth.dst == {00:00:00:00:00:01}"
so it appears to be doing what I would expect.
Acked-by: Russell Bryant <rbry...@redhat.com>
--
Russell Bryant
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
