1816087 – [OVN] MAC anti-spoof filtering still works if port_security is disabled

The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 1816087 - [OVN] MAC anti-spoof filtering still works if port_security is disabled

Summary: [OVN] MAC anti-spoof filtering still works if port_security is disabled

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux Fast Datapath
Classification:	Red Hat
Component:	ovn2.13
Sub Component:
Version:	FDP 20.A
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Numan Siddique
QA Contact:	ying xu
Docs Contact:
URL:
Whiteboard:
Depends On:	1805709
Blocks:
TreeView+	depends on / blocked

Reported:	2020-03-23 10:34 UTC by Numan Siddique
Modified:	2020-08-04 08:00 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1805709
Environment:
Last Closed:	2020-04-14 08:21:39 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:1434	0	None	None	None	2020-04-14 08:21:45 UTC

Comment 3 ying xu 2020-03-25 03:59:28 UTC

reproduced on version:
# rpm -qa|grep ovn
ovn2.13-central-2.13.0-4.el8fdp.x86_64
ovn2.13-2.13.0-4.el8fdp.x86_64
ovn2.13-host-2.13.0-4.el8fdp.x86_64

change the mac:
ip netns exec vm1 ip link set vm1 address 00:00:00:00:00:03
ip netns exec vm2 ping 42.42.42.2 -c 50'
PING 42.42.42.2 (42.42.42.2) 56(84) bytes of data.

--- 42.42.42.2 ping statistics ---
50 packets transmitted, 0 received, 100% packet loss, time 229ms   ---------------------ping fail

verified on version:

# rpm -qa|grep ovn
ovn2.13-central-2.13.0-7.el8fdn.x86_64
ovn2.13-2.13.0-7.el8fdn.x86_64
ovn2.13-host-2.13.0-7.el8fdn.x86_64

change the mac:
ip netns exec vm1 ip link set vm1 address 00:00:00:00:00:03

ip netns exec vm2 ping 42.42.42.2 -c 50'
PING 42.42.42.2 (42.42.42.2) 56(84) bytes of data.
64 bytes from 42.42.42.2: icmp_seq=48 ttl=64 time=2.12 ms
64 bytes from 42.42.42.2: icmp_seq=49 ttl=64 time=0.263 ms
64 bytes from 42.42.42.2: icmp_seq=50 ttl=64 time=0.232 ms

--- 42.42.42.2 ping statistics ---
50 packets transmitted, 3 received, 94% packet loss, time 210ms

Comment 5 errata-xmlrpc 2020-04-14 08:21:39 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1434

Note You need to log in before you can comment on or make changes to this bug.