Merge "Enable ARP spoofing prevention by default"
This commit is contained in:
commit
bc688115ad
|
@ -106,7 +106,7 @@
|
|||
# (e.g. bare metal or VMs attached to agents without this flag set to True).
|
||||
# Requires a version of OVS that can match ARP headers.
|
||||
#
|
||||
# prevent_arp_spoofing = False
|
||||
# prevent_arp_spoofing = True
|
||||
|
||||
# (BoolOpt) Set or un-set the don't fragment (DF) bit on outgoing IP packet
|
||||
# carrying GRE/VXLAN tunnel. The default value is True.
|
||||
|
|
|
@ -74,7 +74,7 @@ agent_opts = [
|
|||
"Allows the switch (when supporting an overlay) "
|
||||
"to respond to an ARP request locally without "
|
||||
"performing a costly ARP broadcast into the overlay.")),
|
||||
cfg.BoolOpt('prevent_arp_spoofing', default=False,
|
||||
cfg.BoolOpt('prevent_arp_spoofing', default=True,
|
||||
help=_("Enable suppression of ARP responses that don't match "
|
||||
"an IP address that belongs to the port from which "
|
||||
"they originate. Note: This prevents the VMs attached "
|
||||
|
|
|
@ -106,6 +106,7 @@ class TestOvsNeutronAgent(base.BaseTestCase):
|
|||
'neutron.agent.firewall.NoopFirewallDriver',
|
||||
group='SECURITYGROUP')
|
||||
cfg.CONF.set_default('quitting_rpc_timeout', 10, 'AGENT')
|
||||
cfg.CONF.set_default('prevent_arp_spoofing', False, 'AGENT')
|
||||
kwargs = ovs_neutron_agent.create_agent_config_map(cfg.CONF)
|
||||
|
||||
class MockFixedIntervalLoopingCall(object):
|
||||
|
|
Loading…
Reference in New Issue