diff options
| author | Justin Pettit <jpettit@nicira.com> | 2010-12-07 14:02:17 -0800 |
|---|---|---|
| committer | Justin Pettit <jpettit@nicira.com> | 2011-02-02 12:42:40 -0800 |
| commit | bad68a9965215511b305c59d7f1830344ec2241f (patch) | |
| tree | 2d21fbf5a0591cfec65932177ba7d6eb3cc9f03a /datapath | |
| parent | 6767a2cce9a6412b3a41a927c4d56b9f0e1ec36f (diff) | |
| download | openvswitch-bad68a9965215511b305c59d7f1830344ec2241f.tar.gz | |
nicira-ext: Support matching ARP source and target hardware addresses.
OpenFlow 1.0 doesn't allow matching on the ARP source and target
hardware address. This has caused us to introduce hacks such as the
Drop Spoofed ARP action. Now that we have extensible match, we can
match on more fields within ARP:
- Source Hardware Address (arp_sha)
- Target Hardware Address (arp_tha)
Signed-off-by: Justin Pettit <jpettit@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
Diffstat (limited to 'datapath')
| -rw-r--r-- | datapath/flow.c | 6 | ||||
| -rw-r--r-- | datapath/flow.h | 2 |
2 files changed, 8 insertions, 0 deletions
diff --git a/datapath/flow.c b/datapath/flow.c index eb67cf450..d83c17d9a 100644 --- a/datapath/flow.c +++ b/datapath/flow.c @@ -390,6 +390,8 @@ int flow_extract(struct sk_buff *skb, u16 in_port, struct sw_flow_key *key, || key->nw_proto == ARPOP_REPLY) { memcpy(&key->nw_src, arp->ar_sip, sizeof(key->nw_src)); memcpy(&key->nw_dst, arp->ar_tip, sizeof(key->nw_dst)); + memcpy(key->arp_sha, arp->ar_sha, ETH_ALEN); + memcpy(key->arp_tha, arp->ar_tha, ETH_ALEN); } } } @@ -538,6 +540,8 @@ int flow_from_nlattrs(struct sw_flow_key *swkey, const struct nlattr *attr) if (arp_key->arp_op & htons(0xff00)) return -EINVAL; swkey->nw_proto = ntohs(arp_key->arp_op); + memcpy(swkey->arp_sha, arp_key->arp_sha, ETH_ALEN); + memcpy(swkey->arp_tha, arp_key->arp_tha, ETH_ALEN); break; default: @@ -665,6 +669,8 @@ int flow_to_nlattrs(const struct sw_flow_key *swkey, struct sk_buff *skb) arp_key->arp_sip = swkey->nw_src; arp_key->arp_tip = swkey->nw_dst; arp_key->arp_op = htons(swkey->nw_proto); + memcpy(arp_key->arp_sha, swkey->arp_sha, ETH_ALEN); + memcpy(arp_key->arp_tha, swkey->arp_tha, ETH_ALEN); } return 0; diff --git a/datapath/flow.h b/datapath/flow.h index be734532c..b9af27224 100644 --- a/datapath/flow.h +++ b/datapath/flow.h @@ -42,6 +42,8 @@ struct sw_flow_key { u8 dl_dst[ETH_ALEN]; /* Ethernet destination address. */ u8 nw_proto; /* IP protocol or lower 8 bits of ARP opcode. */ u8 nw_tos; /* IP ToS (DSCP field, 6 bits). */ + u8 arp_sha[ETH_ALEN]; /* ARP source hardware address. */ + u8 arp_tha[ETH_ALEN]; /* ARP target hardware address. */ }; struct sw_flow { |