vpcagent: respect guest src check settings (#7677)

mac ip dhcp ping xipping xmacping on on y y n n on off y y y n off off y y y y external access depends on source routing, changing ip address will fail that note dst mac address of reply packet when changing only mac address with vpc ip remains the same
yunionio · Aug 31, 2020 · ad6b38f · ad6b38f
1 parent 7336ff7
commit ad6b38f
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/pkg/vpcagent/ovn/keeper.go b/pkg/vpcagent/ovn/keeper.go
@@ -439,10 +439,26 @@ func (keeper *OVNNorthboundKeeper) ClaimGuestnetwork(ctx context.Context, guestn
 	gnp := &ovn_nb.LogicalSwitchPort{
 		Name:          lportName,
 		Addresses:     []string{fmt.Sprintf("%s %s", guestnetwork.MacAddr, guestnetwork.IpAddr)},
-		PortSecurity:  []string{fmt.Sprintf("%s %s/%d", guestnetwork.MacAddr, guestnetwork.IpAddr, guestnetwork.Network.GuestIpMask)},
 		Dhcpv4Options: &dhcpOpt,
 		Options:       map[string]string{},
 	}
+	if guest.SrcMacCheck.IsFalse() {
+		gnp.Addresses = append(gnp.Addresses, "unknown")
+		// empty, not nil, as match condition
+		gnp.PortSecurity = []string{}
+	} else if guest.SrcIpCheck.IsFalse() {
+		gnp.PortSecurity = []string{
+			fmt.Sprintf("%s", guestnetwork.MacAddr),
+		}
+	} else {
+		gnp.PortSecurity = []string{
+			fmt.Sprintf("%s %s/%d",
+				guestnetwork.MacAddr,
+				guestnetwork.IpAddr,
+				guestnetwork.Network.GuestIpMask,
+			),
+		}
+	}
 
 	var qosVif []*ovn_nb.QoS
 	if bwMbps := guestnetwork.BwLimit; bwMbps > 0 {