neutron/neutron
Slawek Kaplonski 580e57b2ad [OVS FW] Allow egress ICMPv6 only for know addresses
Before that patch it was possible to send ICMPv6 packets like e.g.
    neutron_lib.constants.ICMPV6_TYPE_MLD_QUERY,
    neutron_lib.constants.ICMPV6_TYPE_RS,
    neutron_lib.constants.ICMPV6_TYPE_NS,
    neutron_lib.constants.ICMPV6_TYPE_NA

And that could cause some security issues as an instance could advertise
that it owns an IPv6 address which really doesn't belong to it.

Now rules in table=71 which allow that traffic are "per mac/ipaddress"
and are allowed only for fixed ips allocated to the port and the port's
allowed_address_pairs.

Closes-Bug: #1902917
Change-Id: I4749fdc6a6cabd253b971bf4010ff76f5593c59c
(cherry picked from commit 4b5bcff64c)
2021-02-27 20:10:39 +00:00
agent [OVS FW] Allow egress ICMPv6 only for know addresses 2021-02-27 20:10:39 +00:00
api Process DHCP events in order if related 2021-02-07 10:05:32 +00:00
cmd Fix calling of add_tunnel_port method from sanity checks module 2020-12-21 10:21:32 +00:00
common Auto-remove floating agent gw ports on net/subnet delete 2021-01-26 15:06:08 +04:00
conf Add 'keepalived_use_no_track' config option 2020-08-25 07:54:03 +00:00
core_extensions Add "qos_network_policy_id" to port definition 2020-01-17 17:57:11 +00:00
db Don't try to create default SG when security groups are disabled 2021-02-08 10:32:02 +00:00
debug Fix neutron debug probe to use integration_bridge 2020-03-31 11:17:47 +00:00
extensions Merge "Allow sharing of subnet pools via RBAC mechanism" 2020-04-12 17:20:24 +00:00
hacking Allow usage of assert_called_once method in unit tests 2020-03-02 14:17:26 +02:00
ipam IPv6 accepts first address only for routers 2020-01-12 20:39:07 +00:00
locale Imported Translations from Zanata 2020-04-26 07:31:19 +00:00
notifiers Add config option ``http_retries`` 2020-07-09 10:11:22 +00:00
objects [OVN] Allow IP allocation with different segments for OVN service ports 2020-07-27 11:49:18 +00:00
pecan_wsgi Set DB retry for quota_enforcement pecan_wsgi hook 2019-11-08 15:34:17 +04:00
plugins Merge "Avoid race condition when processing RowEvents" into stable/ussuri 2021-02-24 22:21:42 +00:00
privileged Use pyroute2 for SRIOV VF commands 2020-06-26 06:09:48 +00:00
profiling Add profiler decorator to Neutron 2019-10-31 10:05:01 -05:00
quota Set DB retry for quota_enforcement pecan_wsgi hook 2019-11-08 15:34:17 +04:00
scheduler L3 agent scheduler should return a valid index if manual scheduling 2020-06-26 09:59:27 +00:00
server Re-use existing ProcessLauncher from wsgi in RPC workers 2020-02-07 14:51:06 +01:00
services Fix update of trunk subports during live migration 2021-02-11 08:56:32 +00:00
tests [OVS FW] Allow egress ICMPv6 only for know addresses 2021-02-27 20:10:39 +00:00
__init__.py Fix incorrect usage of '# flake8: noqa' 2018-10-29 15:27:50 -04:00
_i18n.py Make code follow log translation guideline 2017-08-14 02:01:48 +00:00
auth.py Use oslo.context class method to construct context object 2017-03-23 09:02:46 +00:00
manager.py Support L3 agent cleanup on shutdown 2019-12-16 17:01:31 -05:00
neutron_plugin_base_v2.py Do not load default service plugins if core plugin is not DB based 2017-11-09 20:34:52 +00:00
opts.py No rpc_response_max_timeout in LB-agent 2020-06-22 05:50:44 +00:00
policy.py List SG rules which belongs to tenant's SG 2019-11-27 15:45:09 +01:00
service.py Re-use existing ProcessLauncher from wsgi in RPC workers 2020-02-07 14:51:06 +01:00
version.py
worker.py Change process name of neutron-server to match worker role 2019-03-01 14:18:09 -05:00
wsgi.py Re-use existing ProcessLauncher from wsgi in RPC workers 2020-02-07 14:51:06 +01:00