openstack
/
neutron
Code Issues Proposed changes
neutron/neutron/agent/linux
History
Slawek Kaplonski 9f4a9f8f86 [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses 
Neighbor Advertisments are used to inform other machines of the MAC
address to use to reach an IPv6. This commits prevents VMs from
pretending they are assigned IPv6 they should not use.

It also prevents sending UDP packets with spoofed IP or MAC even using
DHCP(v6) request ports.

Co-authored-by: David Sinquin <david.sinquin@gandi.net>

Closes-bug: #1902917

Conflicts:
    neutron/agent/linux/openvswitch_firewall/firewall.py

Change-Id: Iffb6643359562487414460f5a7e19a7fae9f935c
(cherry picked from commit ca7822e210)
 		2021-05-24 11:03:42 +00:00
..
openvswitch_firewall [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses 2021-05-24 11:03:42 +00:00
__init__.py Empty files should not contain copyright or license 2014-10-20 00:50:32 +00:00
async_process.py Add kill_timeout to AsyncProcess 2019-01-04 11:44:23 +01:00
bridge_lib.py LinuxBridge: Use ifindex for logical 'timestamp' 2016-09-14 17:02:46 +00:00
daemon.py Remove argument "watch_log = " 2017-10-13 09:42:48 +08:00
dhcp.py Do not fail deleting namespace if it does not exist 2020-09-22 10:46:32 +02:00
dibbler.py use PROVISIONAL_IPV6_PD_PREFIX from neutron-lib 2017-11-14 12:26:43 -07:00
ethtool.py Workaround for TCP checksum issue with ovs-dpdk and veth pair 2021-03-02 08:54:54 -03:00
external_process.py Check dnsmasq process is active when spawned 2020-04-07 20:09:41 +00:00
interface.py Workaround for TCP checksum issue with ovs-dpdk and veth pair 2021-03-02 08:54:54 -03:00
ip_conntrack.py [OVS FW] Clean conntrack entries with mark == CT_MARK_INVALID 2021-02-23 14:44:27 +01:00
ip_lib.py Avoid raising NetworkInterfaceNotFound exception in DHCP agent logs 2020-09-18 12:53:42 +02:00
ip_link_support.py Make code follow log translation guideline 2017-08-14 02:01:48 +00:00
ip_monitor.py Make code follow log translation guideline 2017-08-14 02:01:48 +00:00
ipset_manager.py Revert "[Security] fix allowed-address-pair 0.0.0.0/0 issue" 2020-11-17 14:34:03 +00:00
iptables_comments.py Iptables firewall driver adds forward rules for trusted ports 2018-03-06 10:13:44 +01:00
iptables_firewall.py Revert "[Security] fix allowed-address-pair 0.0.0.0/0 issue" 2020-11-17 14:34:03 +00:00
iptables_manager.py Packets getting lost during SNAT with too many connections 2019-06-04 23:23:07 +00:00
keepalived.py Add 'keepalived_use_no_track' config option 2020-08-25 10:27:05 +02:00
l3_tc_lib.py Support iproute2 4.15 in l3_tc_lib 2020-04-14 07:40:42 +00:00
ovsdb_monitor.py ovsdb monitor: do not die on ovsdb-client stderr output 2018-09-17 10:16:32 +02:00
pd.py Handle properly existing LLA address during l3 agent restart 2020-08-27 20:48:18 +00:00
pd_driver.py use PROVISIONAL_IPV6_PD_PREFIX from neutron-lib 2017-11-14 12:26:43 -07:00
polling.py Support ovsdb-client monitor with remote connection 2017-01-17 06:00:58 -08:00
ra.py Add radvd_user config option 2019-10-24 15:59:03 +00:00
tc_lib.py Fix all pep8 E265 errors 2018-04-30 16:35:52 -04:00
utils.py Fix race condition when getting cmdline 2019-11-24 14:33:32 +00:00
xenapi_root_helper.py Fix all pep8 E129 errors 2018-05-03 13:44:04 +09:00