projects / openvswitch / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e5ae7df) | patch
Add Nicira extension to OpenFlow for dropping spoofed ARP packets.
authorBen Pfaff <blp@nicira.com>
Tue, 24 Aug 2010 23:00:27 +0000 (16:00 -0700)
committerBen Pfaff <blp@nicira.com>
Thu, 26 Aug 2010 17:56:20 +0000 (10:56 -0700)
commit401eeb92d32ac0fa07f34f5b803d67b8032b6403
treed3c36f17662b43a6f4ed65e938b12ab3823ed2a5tree | snapshot
parente5ae7df8c7f44cb2d6f42daaab1d3c26c7a88ae3commit | diff
Add Nicira extension to OpenFlow for dropping spoofed ARP packets.

"ARP spoofing" is when a host claims an incorrect association between an
IP address and a MAC address for deceptive purposes.  OpenFlow by itself
can prevent a host from sending out ARP replies from an incorrect MAC
address in the Ethernet L2 header, but it cannot control the MAC addresses
inside the ARP L3 packet.  This commit adds a new action that can be used
to drop these spoofed packets.

CC: Paul Ingram <paul@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
datapath/actions.c diff | blob | history
datapath/flow.c diff | blob | history
datapath/flow.h diff | blob | history
include/openflow/nicira-ext.h diff | blob | history
include/openvswitch/datapath-protocol.h diff | blob | history
lib/dpif-netdev.c diff | blob | history
ofproto/ofproto.c diff | blob | history
Unnamed repository; edit this file to name it for gitweb.