openstack
/
neutron
Code Issues Proposed changes
neutron/neutron/tests/unit/agent/linux
History
Slawek Kaplonski 4b5bcff64c [OVS FW] Allow egress ICMPv6 only for know addresses 
Before that patch it was possible to send ICMPv6 packets like e.g.
    neutron_lib.constants.ICMPV6_TYPE_MLD_QUERY,
    neutron_lib.constants.ICMPV6_TYPE_RS,
    neutron_lib.constants.ICMPV6_TYPE_NS,
    neutron_lib.constants.ICMPV6_TYPE_NA

And that could cause some security issues as instance could advertise
that it owns IPv6 address which really don't belong to it.

Now rules in table=71 which allows that traffic are "per mac/ipaddress"
and are allowed only for fixed ips allocated to port and port's
allowed_address_pairs.

Closes-Bug: #1902917
Change-Id: I4749fdc6a6cabd253b971bf4010ff76f5593c59c
 		2021-02-19 11:43:56 +01:00
..
openvswitch_firewall [OVS FW] Allow egress ICMPv6 only for know addresses 2021-02-19 11:43:56 +01:00
__init__.py Empty files should not contain copyright or license 2014-10-20 00:50:32 +00:00
failing_process.py Keep reading stdout/stderr until after kill 2015-11-19 19:14:13 +02:00
test_bridge_lib.py Implement "BridgeDevice" with Pyroute2 2020-07-06 11:01:21 +00:00
test_daemon.py Remove the dependency on the "mock" package 2020-04-28 18:05:37 -04:00
test_dhcp.py Remove duplicated assignement of the device_owner in UT 2021-02-03 21:08:19 +01:00
test_external_process.py Remove rootwrap execution (1) 2021-02-06 16:22:43 +00:00
test_interface.py Migrate "ethtool" to oslo.privsep 2020-07-07 17:45:54 +00:00
test_ip_conntrack.py Remove the dependency on the "mock" package 2020-04-28 18:05:37 -04:00
test_ip_lib.py Remove rootwrap execution (1) 2021-02-06 16:22:43 +00:00
test_ipset_manager.py Remove the dependency on the "mock" package 2020-04-28 18:05:37 -04:00
test_iptables_firewall.py Fix iptables rules comments 2020-06-03 16:29:22 +00:00
test_iptables_manager.py Set metering iptables chain not found LOG level to WARNING 2020-11-19 09:14:28 -03:00
test_keepalived.py Remove rootwrap execution (1) 2021-02-06 16:22:43 +00:00
test_l3_tc_lib.py Remove rootwrap execution (1) 2021-02-06 16:22:43 +00:00
test_pd.py Ensure fip ip rules deleted when fip removed 2020-08-18 20:39:10 +01:00
test_tc_lib.py Fix the wrong value for QoS rate conversion to bytes/s 2020-06-20 19:38:30 +00:00
test_utils.py Remove rootwrap execution (1) 2021-02-06 16:22:43 +00:00