Current LLDP/BDDP-based Topology Detection is vulnerable to the
creation of fake links via forged, modified, or replayed LLDP packets.
This patch fixes this vulnerability by authenticating LLDP/BDDP packets
using a Message Authentication Code and adding a timestamp to prevent
replay. We use HMAC with SHA-256 has our Messge Authentication Code and
derive the key from the config/cluster.json file via the
ClusterMetadata class.
Change-Id: I01dd6edc5cffd6dfe274bcdb97189f2661a6c4f1
Also let Ethernet class recognize EAPOL eth-type when printing.
Change-Id: I52b9d9aec6dfdd07aa49861f8c6b82ed814f638e
(cherry picked from commit 6f58cf1e5aae371cb8c7e0ad69552f3e68672f05)
- Multicast can use the same table as unicast. Merge into one.
- Allow masked destination MAC in classifier table
Note:
- Pipeliner now translates all exact MAC match to masked match with FF:FF:FF:FF:FF:FF mask.
- Interpreter now only uses masked src/dst MAC
Change-Id: Ibd27ebfb2d72ba929031f07a29927eb6f1844f11
(cherry picked from commit 0865779b66a59a623856b1353615e462af5575c5)
Currently, ONOS packet-out the LLDP packet with port component type for port id as number value.
But according to RFC2922 , It describes that the port id should be octet string(normal string type).
So, if port number is presented as string value, we can see the port number as string at switch's CLI output.
ONOS-7737
Change-Id: I3ecd0e60a038239c9b4cacd0dd06730bdeb5e338
- Implemented logic to handle double-tagged host in segmentrouting application.
- Added 'DummyVlanId' to segmentrouting application to keep track of dummy vlan for L3L2Unfiltered group chain and egress tables.
- Implemented L2Unfiltered group and Egress pipeline programming support in OFDPA pipeline.
- Added EGRESS flag to the forwardingObjective to program Egress tables.
- Fixed bugs when handling double-tagged ARP request, to get correct vlan id and reply with double-tagged packet.
- Fixed bugs in BasicHostConfig, to set the value of 'outerTpid' to 0x8100 if it is not specified.
- Fixed build(ARP/ICMP/ICMP6)reply to build double-tagged reply if corresponding request is double-tagged.
Change-Id: I1fdc30b55827c3f73fad9e854bcaa5fb23f7bcd0
Changes:
* Add configuration flag to disable old leasequery routing/learning flow
* Route leasequery (v4 and v6) responses to an originator
* Fix NPE and BufferOverflow exceptions in Dhcp6LeaseQueryOption
* Make Dhcp4/Dhcp6HandlerUtil classes static
* Fix codestyle issues
Change-Id: Ic9e527d73a226e7f1f544dab9fb98398b85c5460
Update the prefix for self assigned IPs, so we can support more IPs when using HostLocationProvider.
Dynamic Configuration of IPv4 Link-Local Addresses https://tools.ietf.org/html/rfc3927
Change-Id: I29931ee45f01a4c9d89784884ef27adb376f5efa
