neutron

History

Nate Johnston 55a503b4c9 Add custom ethertype processing The OVS Firewall blocks traffic that does not have either the IPv4 or IPv6 ethertypes at present. This is a behavior change compared to the iptables_hybrid firewall, which only operates on IP packets and thus does not address other ethertypes. This is a lightweight change that sets a configuration option in the neutron openvswitch agent configuration file for permitted ethertypes and then ensures that the requested ethertypes are permitted on initialization. This addresses the security and usability concerns on both master and stable branches while a full-fledged extension to the security groups API is considered. Change-Id: Ide78b0b90cf6d6069ce3787fc60766be52062da0 Related-Bug: #1832758 (cherry picked from commit `9ea6a61665`)	2019-07-01 15:33:34 +00:00
..
notes	Add custom ethertype processing	2019-07-01 15:33:34 +00:00
source	Imported Translations from Zanata	2018-11-30 09:16:33 +00:00

Nate Johnston 55a503b4c9 Add custom ethertype processing

The OVS Firewall blocks traffic that does not have either the IPv4 or
IPv6 ethertypes at present.  This is a behavior change compared to the
iptables_hybrid firewall, which only operates on IP packets and thus
does not address other ethertypes.

This is a lightweight change that sets a configuration option in the
neutron openvswitch agent configuration file for permitted ethertypes
and then ensures that the requested ethertypes are permitted on
initialization.  This addresses the security and usability concerns on
both master and stable branches while a full-fledged extension to the
security groups API is considered.

Change-Id: Ide78b0b90cf6d6069ce3787fc60766be52062da0
Related-Bug: #1832758
(cherry picked from commit 9ea6a61665)

2019-07-01 15:33:34 +00:00

notes Add custom ethertype processing 2019-07-01 15:33:34 +00:00

source Imported Translations from Zanata 2018-11-30 09:16:33 +00:00