Revert "[OVN] Set 'unknown' address properly when port sec is disabled"
We can now revert this patch because the main cause has already been
fixed in Core OVN [1]. With that fix, the ARP responder flows are not
installed in the LS pipeline when the LSP has port security disabled and
an 'unknown' address is set in the addresses column.
This makes MAC spoofing possible.
[1] https://patchwork.ozlabs.org/patch/1258152/
This reverts commit 03b87ad963
.
Change-Id: Ie4c87d325b671348e133d62818d99af147d50ca2
Closes-Bug: #1864027
parent
6d0b8890b9
commit
3d3b61f879
|
@ -500,7 +500,7 @@ class DBInconsistenciesPeriodics(SchemaAwarePeriodicsBase):
|
|||
type_ = port.type.strip()
|
||||
if not port.port_security:
|
||||
if not type_ and ovn_const.UNKNOWN_ADDR not in addresses:
|
||||
addresses = [ovn_const.UNKNOWN_ADDR]
|
||||
addresses.append(ovn_const.UNKNOWN_ADDR)
|
||||
elif type_ and ovn_const.UNKNOWN_ADDR in addresses:
|
||||
addresses.remove(ovn_const.UNKNOWN_ADDR)
|
||||
else:
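Review bot: Ports that the reverted code already rewrote to hold only `unknown` do not appear to be repaired by this branch: `ovn_const.UNKNOWN_ADDR not in addresses` is false for them, so `addresses.append(ovn_const.UNKNOWN_ADDR)` never runs and their MAC/IP entries stay missing from the addresses column. If nothing else in the maintenance task restores those entries, such ports would keep relying on unknown-MAC handling after the upgrade instead of their own address entry. Consider also checking that the port's own address is present when port security is disabled, or documenting that a DB sync is required after upgrading. The rest of the method, including the body of the trailing `else:`, is outside the hunk, so this needs confirming against the full function.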
|
||||
|
|
|
@ -277,10 +277,7 @@ class OVNClient(object):
|
|||
# OVN allows any mac address from a port if "unknown"
|
||||
# is added to the Logical_Switch_Port.addresses column.
|
||||
# So add it.
|
||||
addresses = [ovn_const.UNKNOWN_ADDR]
|
||||
else:
|
||||
addresses = [address]
|
||||
addresses.extend(new_macs)
|
||||
addresses.append(ovn_const.UNKNOWN_ADDR)
|
||||
|
||||
dhcpv4_options = self._get_port_dhcp_options(port, const.IP_VERSION_4)
|
||||
dhcpv6_options = self._get_port_dhcp_options(port, const.IP_VERSION_6)
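Review bot: The single `addresses.append(ovn_const.UNKNOWN_ADDR)` is only safe when the running OVN includes the fix referenced as [1] in the commit message, and neither the code nor the surrounding comment records that dependency. On an older OVN, keeping the port's MAC/IP entries next to `unknown` would presumably bring back the ARP responder flows this revert assumes are gone. I would extend the comment, e.g. `# Relies on core OVN not installing ARP responder flows for LSPs with port security disabled and 'unknown' set.`, and state the minimum OVN version in a release note. The enclosing `if` and the start of the method are outside the hunk.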
|
||||
|
|
|
@ -405,9 +405,8 @@ class TestOVNMechanismDriver(test_plugin.Ml2PluginV2TestCase):
|
|||
self.assertEqual([],
|
||||
called_args_dict.get('port_security'))
|
||||
|
||||
self.assertEqual(1, len(called_args_dict.get('addresses')))
|
||||
self.assertEqual(ovn_const.UNKNOWN_ADDR,
|
||||
called_args_dict.get('addresses')[0])
|
||||
called_args_dict.get('addresses')[1])
|
||||
data = {'port': {'mac_address': '00:00:00:00:00:01'}}
|
||||
req = self.new_update_request(
|
||||
'ports',
|
||||
|
@ -419,9 +418,9 @@ class TestOVNMechanismDriver(test_plugin.Ml2PluginV2TestCase):
|
|||
).call_args_list[0][1])
|
||||
self.assertEqual([],
|
||||
called_args_dict.get('port_security'))
|
||||
self.assertEqual(1, len(called_args_dict.get('addresses')))
|
||||
self.assertEqual(2, len(called_args_dict.get('addresses')))
|
||||
self.assertEqual(ovn_const.UNKNOWN_ADDR,
|
||||
called_args_dict.get('addresses')[0])
|
||||
called_args_dict.get('addresses')[1])
|
||||
|
||||
# Enable port security
|
||||
data = {'port': {'port_security_enabled': 'True'}}
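Review bot: In the first hunk (@ -405) the length assertion appears to be dropped rather than updated, so the create path only checks that `addresses[1]` is `unknown`, while the update path in the second hunk asserts a length of 2. Adding `self.assertEqual(2, len(called_args_dict.get('addresses')))` there would keep both paths pinned to exactly one MAC/IP entry plus `unknown`. Neither test checks what `addresses[0]` holds; asserting that it starts with the port's MAC would catch a regression where the real address is lost again. The +/- markers are lost on this page, so the old and new sides are inferred from the hunk line counts.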
|
||||
|
|