neutron/neutron/agent/linux
Slawek Kaplonski 4b5bcff64c [OVS FW] Allow egress ICMPv6 only for known addresses
Before that patch it was possible to send ICMPv6 packets like e.g.
    neutron_lib.constants.ICMPV6_TYPE_MLD_QUERY,
    neutron_lib.constants.ICMPV6_TYPE_RS,
    neutron_lib.constants.ICMPV6_TYPE_NS,
    neutron_lib.constants.ICMPV6_TYPE_NA

And that could cause some security issues, as an instance could advertise
that it owns an IPv6 address which really doesn't belong to it.

Now the rules in table=71 which allow that traffic are "per mac/ipaddress"
and are allowed only for fixed IPs allocated to the port and the port's
allowed_address_pairs.

Closes-Bug: #1902917
Change-Id: I4749fdc6a6cabd253b971bf4010ff76f5593c59c
2021-02-19 11:43:56 +01:00
openvswitch_firewall [OVS FW] Allow egress ICMPv6 only for known addresses 2021-02-19 11:43:56 +01:00
__init__.py Empty files should not contain copyright or license 2014-10-20 00:50:32 +00:00
bridge_lib.py Implement "FdbInterface" with Pyroute2 2020-12-24 17:00:06 +00:00
daemon.py Remove "six" library 2020-07-28 16:55:52 +00:00
dhcp.py Proper log translation 2021-01-21 19:07:04 +03:00
dibbler.py Remove "six" library 2020-07-28 16:55:52 +00:00
external_process.py Remove rootwrap execution (1) 2021-02-06 16:22:43 +00:00
interface.py Migrate "ethtool" to oslo.privsep 2020-07-07 17:45:54 +00:00
ip_conntrack.py Merge "Use '-p ip' instead of '-p 0' with conntrack" 2019-04-12 13:02:24 +00:00
ip_lib.py Remove rootwrap execution (1) 2021-02-06 16:22:43 +00:00
ipset_manager.py [Security] fix allowed-address-pair 0.0.0.0/0 issue 2020-03-21 17:54:34 +08:00
iptables_comments.py Iptables firewall driver adds forward rules for trusted ports 2018-03-06 10:13:44 +01:00
iptables_firewall.py Bump pylint version to support python 3.8 2020-08-06 16:00:30 +02:00
iptables_manager.py [OVN] Ensure metadata checksum 2020-12-10 17:18:50 +00:00
keepalived.py Ensure "keepalived" is correctly disabled 2020-12-16 16:33:01 +00:00
l3_tc_lib.py Remove rootwrap execution (1) 2021-02-06 16:22:43 +00:00
of_monitor.py OpenFlow monitor 2019-11-20 18:00:13 +00:00
pd.py Merge "Improve terminology in the Neutron tree" 2020-08-28 14:06:18 +00:00
pd_driver.py Remove usage of six.add_metaclass 2020-05-21 14:41:18 -04:00
ra.py Remove more empty lines in ipv6 ra conf. 2020-09-30 11:02:02 +08:00
tc_lib.py Fix the wrong value for QoS rate conversion to bytes/s 2020-06-20 19:38:30 +00:00
utils.py Remove rootwrap execution (1) 2021-02-06 16:22:43 +00:00