Update OpenvSwitch.rb

Block ARP cache poisoning in openvswitch
2025-03-20 10:50:08 +03:00 · 2013-08-08 13:44:29 -04:00 · 2013-08-08 13:44:29 -04:00 · 13f4ff0cdb
commit 13f4ff0cdb
parent 28ebcdfc08
1 changed files with 2 additions and 0 deletions
--- a/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb
+++ b/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb
@ -80,6 +80,8 @@ class OpenvSwitchVLAN < OpenNebulaNetwork
    end

    def mac_spoofing
+        add_flow("in_port=#{port},arp,dl_src=#{@nic[:mac]}",:drop,45000)
+        add_flow("in_port=#{port},arp,dl_src=#{@nic[:mac]},nw_src=#{@nic[:ip]}",:normal,46000)
        add_flow("in_port=#{port},dl_src=#{@nic[:mac]}",:normal,40000)
        add_flow("in_port=#{port}",:drop,39000)
    end