OpenStack Networking (Neutron)
Go to file
Slawek Kaplonski 9f4a9f8f86 [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses
Neighbor Advertisments are used to inform other machines of the MAC
address to use to reach an IPv6. This commits prevents VMs from
pretending they are assigned IPv6 they should not use.

It also prevents sending UDP packets with spoofed IP or MAC even using
DHCP(v6) request ports.

Co-authored-by: David Sinquin <david.sinquin@gandi.net>

Closes-bug: #1902917

Conflicts:
    neutron/agent/linux/openvswitch_firewall/firewall.py

Change-Id: Iffb6643359562487414460f5a7e19a7fae9f935c
(cherry picked from commit ca7822e210)
2021-05-24 11:03:42 +00:00
api-ref Fix some typos 2016-06-28 22:46:19 +02:00
bin Use os-xenapi for neutron when XenServer as hypervisor 2017-03-30 18:33:37 +00:00
devstack Add port_forwarding to devstack plugin 2019-05-27 10:47:32 +00:00
doc [OVS FW] Allow egress ICMPv6 only for know addresses 2021-02-27 20:15:42 +00:00
etc Workaround for TCP checksum issue with ovs-dpdk and veth pair 2021-03-02 08:54:54 -03:00
neutron [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses 2021-05-24 11:03:42 +00:00
playbooks/legacy Fix rocky gates, multiple fixes 2020-07-03 12:44:37 +02:00
rally-jobs [rally] Port custom plugins to use proper code 2018-05-18 00:25:35 +03:00
releasenotes ovs firewall: fix mac learning on the ingress rule table when ovs offload enabled 2020-10-24 01:01:07 +00:00
tools Merge "Switch to stestr" 2018-06-07 02:24:02 +00:00
.coveragerc Cleanup coverage configuration 2016-10-17 17:06:19 +05:30
.gitignore Switch to stestr 2018-06-02 13:03:33 +02:00
.gitreview OpenDev Migration Patch 2019-04-19 19:39:02 +00:00
.mailmap Add mailmap entry 2014-05-16 13:40:04 -04:00
.pylintrc Update pylint disable list to pass pylint 1.7.1 checks 2017-06-08 09:49:46 +00:00
.stestr.conf Fix post gate hook to accommodate for new os-testr 2017-09-12 14:20:12 -06:00
.zuul.yaml Dropping lower constraints testing (stable Rocky) 2021-01-12 15:51:21 +00:00
CONTRIBUTING.rst Update link for contribution 2017-08-31 16:44:51 +02:00
HACKING.rst Update the documentation link for doc migration 2017-07-22 18:46:13 +09:00
LICENSE Adding Apache Version 2.0 license file. This is the official license agreement under which Quantum code is available to 2011-08-08 12:31:04 -07:00
README.rst Add release notes link in README 2018-07-10 15:40:00 +07:00
TESTING.rst Docs: Fix wrong stestr argument 2018-07-17 09:45:43 +00:00
babel.cfg Use babel to generate translation file 2013-01-24 00:20:32 +08:00
bindep.txt Add libffi-dev to bindep.txt 2017-06-13 19:26:49 +00:00
requirements.txt metadata: use requests for comms with nova api 2018-09-04 10:04:47 +01:00
setup.cfg Add enforcer logic for neutron policy 2019-03-25 16:07:51 -04:00
setup.py Updated from global requirements 2017-03-04 11:19:58 +00:00
test-requirements.txt Cap pycodestyle to be < 2.6.0 2020-05-13 17:41:04 +02:00
tox.ini Dropping lower constraints testing (stable Rocky) 2021-01-12 15:51:21 +00:00

README.rst

Team and repository tags

image

Welcome!

To learn more about neutron:

Get in touch via email. Use [Neutron] in your subject.

To learn how to contribute:

CONTRIBUTING.rst