OpenStack Networking (Neutron)
LIU Yulong 551130e9f4 [Security] fix allowed-address-pair 0.0.0.0/0 issue
When adding an allowed-address-pair 0.0.0.0/0 to one port, it will
unexpectedly open all other ports' protocols under the same security
group. IPv6 has the same problem.

The root cause is the openflow rule calculation of the
security group; it will unexpectedly allow all IP (v4 and v6)
traffic to get through.

For the openvswitch openflow firewall, this patch adds a source
MAC address match for the allowed-address-pair which has
prefix length 0, which means all ethernet packets from this
MAC will be accepted. This exactly meets the request of
accepting any IP address from the configured VM.

Test results show that the remote security group and
allowed address pair work:
1. A port with a 0.0.0.0/0 allowed-address-pair could send any
   IP (src) packet out.
2. A port with an x.x.x.x/y allowed-address-pair could be accepted
   by those VMs under the same security group.
3. Ports under the same network can reach each other (remote
   security group).
4. A protocol port number could be accessed only when there
   is a related rule.

Closes-bug: #1867119
Change-Id: I2e3aa7c400d7bb17cc117b65faaa160b41013dde
(cherry picked from commit 00298fe6e8)
2020-07-31 11:22:31 +00:00
api-ref Fix some typos 2016-06-28 22:46:19 +02:00
bin Use os-xenapi for neutron when XenServer as hypervisor 2017-03-30 18:33:37 +00:00
devstack Add l3 conntrack helper to devstack plugin 2019-09-16 12:23:35 +00:00
doc [OVN] Allow IP allocation with different segments for OVN service ports 2020-07-27 11:53:37 +00:00
etc Merge "Workaround for TCP checksum issue with ovs-dpdk and veth pair" into stable/train 2020-07-01 03:10:18 +00:00
neutron [Security] fix allowed-address-pair 0.0.0.0/0 issue 2020-07-31 11:22:31 +00:00
playbooks Add ensure-tox in functional job 2020-06-22 16:32:21 +00:00
rally-jobs Rally task definition for port binding scenario 2019-07-08 13:25:46 +02:00
releasenotes Merge "Optionally use admin powers when deleting DNS records" into stable/train 2020-07-18 03:30:31 +00:00
roles Fix log directory permissions for functional job 2019-08-03 12:06:32 +00:00
tools Set rootwrap daemon timeout for fullstack and functional tests 2019-11-04 09:51:09 +00:00
.coveragerc Cleanup coverage configuration 2016-10-17 17:06:19 +05:30
.gitignore Removing existing dirs from .gitignore 2019-05-31 13:35:30 +00:00
.gitreview Update .gitreview for stable/train 2019-09-26 09:44:06 +00:00
.mailmap Add mailmap entry 2014-05-16 13:40:04 -04:00
.pylintrc Fix pylint R1717 (consider-using-dict-comprehension) refactor messages 2019-03-14 23:19:58 +00:00
.stestr.conf Fix post gate hook to accommodate for new os-testr 2017-09-12 14:20:12 -06:00
.zuul.yaml Migrate neutron grenade multinode jobs to be native Zuul v3 2020-06-18 22:43:27 -05:00
CONTRIBUTING.rst Update link for contribution 2017-08-31 16:44:51 +02:00
HACKING.rst Update the documentation link for doc migration 2017-07-22 18:46:13 +09:00
LICENSE Adding Apache Version 2.0 license file. This is the official license agreement under which Quantum code is available to 2011-08-08 12:31:04 -07:00
README.rst Update mailinglist from dev to discuss 2018-12-12 12:44:12 +08:00
TESTING.rst Add note about apparmor issue with fullstack tests 2019-09-11 19:56:50 +00:00
babel.cfg Use babel to generate translation file 2013-01-24 00:20:32 +08:00
bindep.txt Add libffi-dev to bindep.txt 2017-06-13 19:26:49 +00:00
lower-constraints.txt Fix pep8 job 2020-07-10 13:47:38 +00:00
requirements.txt Use openstacksdk for ironic notifiers 2019-09-19 06:56:24 +00:00
setup.cfg Merge "Agent - Conntrack Helper" 2019-09-15 01:39:25 +00:00
setup.py Updated from global requirements 2017-03-04 11:19:58 +00:00
test-requirements.txt Fix pep8 job 2020-07-10 13:47:38 +00:00
tox.ini Use constraints for docs tox target 2019-12-12 11:57:04 +01:00

README.rst

Team and repository tags


Welcome!

To learn more about neutron:

Get in touch via email. Use [Neutron] in your subject.

To learn how to contribute:

CONTRIBUTING.rst