Re: [ovs-dev] [PATCH] ovn-northd: Handle IPv4 addresses with prefixes in lport port security

2016-04-07 Thread Numan Siddique
> > Huh, there's a fair amount of subtlety there. What about logic similar to > the following (untested) code? > > -=-=-=-=-=-=-=-=- > ovs_be32 mask = be32_prefix_mask(ps.ipv4_addrs[i].plen); > /* When the netmask is applied, if the host portion is >

Re: [ovs-dev] [PATCH] ovn-northd: Handle IPv4 addresses with prefixes in lport port security

2016-04-07 Thread Justin Pettit
> On Apr 7, 2016, at 11:34 AM, Numan Siddique wrote: > > ​Hi Justin, there is still a problem with the below approach.​ > > In the case where port security has "10.0.0.4/24" it means that the logical > port ​is restricted in sending and receiving IP traffic with ip address > 10.0.0.4. IP traf

Re: [ovs-dev] [PATCH] ovn-northd: Handle IPv4 addresses with prefixes in lport port security

2016-04-07 Thread Numan Siddique
On Thu, Apr 7, 2016 at 9:48 PM, Justin Pettit wrote: > > > On Apr 6, 2016, at 11:26 PM, Numan Siddique wrote: > > > > > > ​Thanks for the comments Justin. I tried a similar approach. It will not > work in the cases where the port security address also has a prefix defined. > > For example with p

Re: [ovs-dev] [PATCH] ovn-northd: Handle IPv4 addresses with prefixes in lport port security

2016-04-07 Thread Justin Pettit
> On Apr 6, 2016, at 11:26 PM, Numan Siddique wrote: > > > ​Thanks for the comments Justin. I tried a similar approach. It will not work > in the cases where the port security address also has a prefix defined. > For example with port security - "00:00:00:00:00:02 10.0.0.4/24", the ovn > lexe

Re: [ovs-dev] [PATCH] ovn-northd: Handle IPv4 addresses with prefixes in lport port security

2016-04-06 Thread Numan Siddique
On Thu, Apr 7, 2016 at 3:37 AM, Justin Pettit wrote: > I think you might be able to write a slightly simpler patch by using > ip_format_masked() like the following: > > -=-=-=-=-=-=-=-=-=- > diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c > index 4b1d611..890b17c 100644 > --- a/ovn

Re: [ovs-dev] [PATCH] ovn-northd: Handle IPv4 addresses with prefixes in lport port security

2016-04-06 Thread Justin Pettit
I think you might be able to write a slightly simpler patch by using ip_format_masked() like the following: -=-=-=-=-=-=-=-=-=- diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index 4b1d611..890b17c 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -1179,8 +1179

Re: [ovs-dev] [PATCH] ovn-northd: Handle IPv4 addresses with prefixes in lport port security

2016-04-06 Thread Ryan Moats
"dev" wrote on 04/06/2016 10:18:57 AM: > From: Numan Siddique > To: ovs dev > Date: 04/06/2016 10:19 AM > Subject: [ovs-dev] [PATCH] ovn-northd: Handle IPv4 addresses with > prefixes in lport port security > Sent by: "dev" > > Initial implementati

[ovs-dev] [PATCH] ovn-northd: Handle IPv4 addresses with prefixes in lport port security

2016-04-06 Thread Numan Siddique
Initial implementation of port security, missed out this feature. Reported-by: Na Zhu Reported-at: https://bugs.launchpad.net/networking-ovn/+bug/1564414 Signed-off-by: Numan Siddique --- ovn/northd/ovn-northd.c | 31 --- tests/ovn.at| 19