Bug 1816087

Summary: [OVN] MAC anti-spoof filtering still works if port_security is disabled
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Numan Siddique <nusiddiq>
Component: ovn2.13Assignee: Numan Siddique <nusiddiq>
Status: CLOSED ERRATA QA Contact: ying xu <yinxu>
Severity: high Docs Contact:
Priority: unspecified    
Version: FDP 20.ACC: ctrautma, dceara, fhallal, jishi, mjozefcz, mmichels, nusiddiq, ralongi, sathlang
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1805709 Environment:
Last Closed: 2020-04-14 08:21:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1805709    
Bug Blocks:    

Comment 3 ying xu 2020-03-25 03:59:28 UTC 
reproduced on version:
# rpm -qa|grep ovn
ovn2.13-central-2.13.0-4.el8fdp.x86_64
ovn2.13-2.13.0-4.el8fdp.x86_64
ovn2.13-host-2.13.0-4.el8fdp.x86_64

change the mac:
ip netns exec vm1 ip link set vm1 address 00:00:00:00:00:03
ip netns exec vm2 ping 42.42.42.2 -c 50'
PING 42.42.42.2 (42.42.42.2) 56(84) bytes of data.

--- 42.42.42.2 ping statistics ---
50 packets transmitted, 0 received, 100% packet loss, time 229ms   ---------------------ping fail

verified on version:

# rpm -qa|grep ovn
ovn2.13-central-2.13.0-7.el8fdn.x86_64
ovn2.13-2.13.0-7.el8fdn.x86_64
ovn2.13-host-2.13.0-7.el8fdn.x86_64

change the mac:
ip netns exec vm1 ip link set vm1 address 00:00:00:00:00:03

ip netns exec vm2 ping 42.42.42.2 -c 50'
PING 42.42.42.2 (42.42.42.2) 56(84) bytes of data.
64 bytes from 42.42.42.2: icmp_seq=48 ttl=64 time=2.12 ms
64 bytes from 42.42.42.2: icmp_seq=49 ttl=64 time=0.263 ms
64 bytes from 42.42.42.2: icmp_seq=50 ttl=64 time=0.232 ms

--- 42.42.42.2 ping statistics ---
50 packets transmitted, 3 received, 94% packet loss, time 210ms
Comment 5 errata-xmlrpc 2020-04-14 08:21:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1434