openstack
/
neutron
Code Issues Proposed changes
OpenStack Networking (Neutron)
5,147 Commits 9 Branches 75 Tags 1,010 MiB
Python 99.5%
Shell 0.4%
Jinja 0.1%
Go to file
Aaron Rosen 843e60b790 Prevent cross plugging router ports from other tenants 
Previously, a tenant could plug an interface into another tenant's
router if he knew their router_id by creating a port with the correct
device_id and device_owner. This patch prevents this from occuring
by preventing non-admin users from creating ports with device_owner
network:router_interface with a device_id that matches another tenants router.
In addition, it prevents one from updating a ports device_owner and device_id
so that the device_id won't match another tenants router with device_owner
being network:router_interface.

NOTE: with this change it does open up the possiblity for a tenant to discover
router_id's of another tenant's by guessing them and updating a port till
a conflict occurs. That said, randomly guessing the router id would be hard
and in theory should not matter if exposed. We also need to allow a tenant
to update the device_id on network:router_interface ports as this would be
used for by anyone using a vm as a service router. This issue will be fixed in
another patch upstream as a db migration is required but since this needs
to be backported to all stable branches this is not possible.

NOTE: The only plugins affect by this are the ones that use the l3-agent.

NOTE: **One should perform and audit of the ports that are already
        attached to routers after applying this patch and remove ports
        that a tenant may have cross plugged.**

Change-Id: I8bc6241f537d937e5729072dcc76871bf407cdb3
Closes-bug: #1243327
 		2014-03-27 14:18:58 +00:00
bin Use oslo.rootwrap library instead of local copy 2014-02-07 10:58:27 +01:00
doc API layer documentation 2014-03-13 00:43:07 -04:00
etc Add enable_security_group to BigSwitch and OneConvergence ini files 2014-03-22 19:13:10 +09:00
neutron Prevent cross plugging router ports from other tenants 2014-03-27 14:18:58 +00:00
quantum Re-assign quantum.api module as last operation 2013-07-15 22:51:28 +02:00
tools Merge "Corrects broken format strings in check_i18n.py" 2014-01-07 14:11:59 +00:00
.coveragerc fix some missing change from quantum to neutron 2013-07-08 12:11:04 +08:00
.gitignore Updates .gitignore 2013-11-28 23:18:03 +08:00
.gitreview Rename quantum to neutron in .gitreview. 2013-07-06 12:25:09 -04:00
.mailmap mailmap: update .mailmap 2014-02-10 15:48:48 +09:00
.pylintrc Rename Quantum to Neutron 2013-07-06 15:02:43 -04:00
.testr.conf Add an explicit tox job for functional tests 2014-02-05 17:11:52 +00:00
HACKING.rst Cleanup HACKING.rst 2013-11-11 10:32:34 -08:00
LICENSE Adding Apache Version 2.0 license file. This is the official license agreement under which Quantum code is available to 2011-08-08 12:31:04 -07:00
MANIFEST.in Rename Quantum to Neutron 2013-07-06 15:02:43 -04:00
README.rst Rename Quantum to Neutron 2013-07-06 15:02:43 -04:00
TESTING.rst Developer documentation 2014-02-26 11:03:46 -05:00
babel.cfg Use babel to generate translation file 2013-01-24 00:20:32 +08:00
openstack-common.conf Merge "Remove dependent module py3kcompat" 2014-02-23 06:30:59 +00:00
requirements.txt Updated from global requirements 2014-03-21 22:28:55 +00:00
run_tests.sh Merge "Don't document non-existing flag '--hide-elapsed'" 2014-02-22 04:05:04 +00:00
setup.cfg One Convergence Neutron Plugin l3 ext support 2014-03-06 21:50:55 +00:00
setup.py Updated from global requirements 2013-10-01 16:13:29 +00:00
test-requirements.txt Bugfix and refactoring for ovs_lib flow methods 2014-03-14 15:23:19 +02:00
tox.ini add HEAD sentinel file that contains migration revision 2014-03-19 12:40:29 -04:00

README.rst

# -- Welcome!

You have come across a cloud computing network fabric controller. It has identified itself as "Neutron." It aims to tame your (cloud) networking!

# -- External Resources:

The homepage for Neutron is: http://launchpad.net/neutron . Use this site for asking for help, and filing bugs. Code is available on github at <http://github.com/openstack/neutron>.

The latest and most in-depth documentation on how to use Neutron is available at: <http://docs.openstack.org>. This includes:

Neutron Administrator Guide http://docs.openstack.org/trunk/openstack-network/admin/content/

Neutron API Reference: http://docs.openstack.org/api/openstack-network/2.0/content/

The start of some developer documentation is available at: http://wiki.openstack.org/NeutronDevelopment

For help using or hacking on Neutron, you can send mail to <mailto:openstack-dev@lists.openstack.org>.