openstack
/
neutron
Code Issues Proposed changes
neutron/neutron
History
Jens Harbott 0fce3ca2c1 Secure dnsmasq process against external abuse 
Currently any dhcp agent instance will work as an open resolver. For
deployments using publicly routed addresses for tenant networks, this
allows the agent being abused in dDoS attacks, see [1].

By setting the `--local-service` option dnsmasq will filter DNS queries
and reply only to queries from directly attached networks.

[1] https://bugs.launchpad.net/neutron/+bug/1501206

Closes-Bug: 1501206
Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e
 		2018-11-28 15:49:25 -05:00
..
agent Secure dnsmasq process against external abuse 2018-11-28 15:49:25 -05:00
api use context manager from neutron-lib 2018-10-24 07:18:46 -06:00
cmd Secure dnsmasq process against external abuse 2018-11-28 15:49:25 -05:00
common Merge "Fix flake8 N534 untranslated exception message" 2018-10-23 16:20:52 +00:00
conf Event driven periodic resync task for DHCP agents 2018-10-26 01:24:24 +08:00
core_extensions use autonested_transaction from neutron-lib 2018-07-26 07:41:34 -06:00
db Merge "use context manager from neutron-lib" 2018-10-27 09:39:17 +00:00
debug Fix all pep8 E265 errors 2018-04-30 16:35:52 -04:00
extensions Introduce Port resource request extension 2018-10-17 07:34:36 +00:00
hacking use sqla functions from neutron-lib 2018-07-25 21:04:20 +00:00
ipam use context manager from neutron-lib 2018-10-24 07:18:46 -06:00
locale Imported Translations from Zanata 2018-03-03 06:08:46 +00:00
notifiers Fix W503 pep8 warnings 2018-04-17 14:22:58 +00:00
objects use context manager from neutron-lib 2018-10-24 07:18:46 -06:00
pecan_wsgi use context manager from neutron-lib 2018-10-24 07:18:46 -06:00
plugins Merge "use context manager from neutron-lib" 2018-10-27 09:39:17 +00:00
privileged Add capabilities for privsep 2018-10-26 18:03:52 +04:00
quota use context manager from neutron-lib 2018-10-24 07:18:46 -06:00
scheduler Fetch specific columns rather than full ORM entities 2018-08-22 10:14:09 +00:00
server Allow neutron-api load config from WSGI process 2018-07-25 15:22:14 +07:00
services use context manager from neutron-lib 2018-10-24 07:18:46 -06:00
tests Secure dnsmasq process against external abuse 2018-11-28 15:49:25 -05:00
__init__.py tell pylint to ignore python2 version of gettext 2018-10-03 08:39:35 +00:00
_i18n.py Make code follow log translation guideline 2017-08-14 02:01:48 +00:00
auth.py Use oslo.context class method to construct context object 2017-03-23 09:02:46 +00:00
manager.py Implement filter validation 2018-07-19 04:13:43 +00:00
neutron_plugin_base_v2.py Do not load default service plugins if core plugin is not DB based 2017-11-09 20:34:52 +00:00
opts.py supported_vnic_type configurable for ovs 2018-10-15 20:35:49 +02:00
policy.py Add ext_parent policy check 2018-08-01 02:45:42 +08:00
service.py Allow neutron-api load config from WSGI process 2018-07-25 15:22:14 +07:00
version.py
worker.py replace WorkerSupportServiceMixin with neutron-lib's WorkerBase 2017-06-14 06:56:48 -06:00
wsgi.py use context manager from neutron-lib 2018-10-24 07:18:46 -06:00