openstack
/
neutron
Code Issues Proposed changes
neutron/neutron/tests/unit/agent/linux
History
Slawek Kaplonski 7b1f0dd1ae [OVS FW] Allow egress ICMPv6 only for know addresses 
Before that patch it was possible to send ICMPv6 packets like e.g.
    neutron_lib.constants.ICMPV6_TYPE_MLD_QUERY,
    neutron_lib.constants.ICMPV6_TYPE_RS,
    neutron_lib.constants.ICMPV6_TYPE_NS,
    neutron_lib.constants.ICMPV6_TYPE_NA

And that could cause some security issues as instance could advertise
that it owns IPv6 address which really don't belong to it.

Now rules in table=71 which allows that traffic are "per mac/ipaddress"
and are allowed only for fixed ips allocated to port and port's
allowed_address_pairs.

Conflicts:
    neutron/agent/linux/openvswitch_firewall/firewall.py
    neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py

Closes-Bug: #1902917
Change-Id: I4749fdc6a6cabd253b971bf4010ff76f5593c59c
(cherry picked from commit 4b5bcff64c)
 		2021-02-27 21:17:05 +01:00
..
openvswitch_firewall [OVS FW] Allow egress ICMPv6 only for know addresses 2021-02-27 21:17:05 +01:00
__init__.py Empty files should not contain copyright or license 2014-10-20 00:50:32 +00:00
failing_process.py Keep reading stdout/stderr until after kill 2015-11-19 19:14:13 +02:00
test_async_process.py Add kill_timeout to AsyncProcess 2019-01-04 10:46:44 +00:00
test_bridge_lib.py Fix UT BridgeLibTest when IPv6 is disabled 2018-07-13 16:07:38 +00:00
test_daemon.py Use bytes for python3 friendly os.write 2017-02-02 18:59:03 -08:00
test_dhcp.py Do not fail deleting namespace if it does not exist 2020-09-22 08:49:33 +00:00
test_external_process.py Check dnsmasq process is active when spawned 2020-04-07 20:10:15 +00:00
test_interface.py Allow usage of legacy 3rd-party interface drivers 2020-05-21 08:43:44 +00:00
test_ip_conntrack.py Move conntrack zones to IPTablesFirewall 2017-03-30 14:54:51 -07:00
test_ip_lib.py Do not fail deleting namespace if it does not exist 2020-09-22 08:49:33 +00:00
test_ip_link_support.py sriov: implement spoofchecking configuration 2015-07-29 19:38:25 +02:00
test_ip_monitor.py Introduce ip address monitor 2015-03-03 20:06:14 -05:00
test_ipset_manager.py Revert "[Security] fix allowed-address-pair 0.0.0.0/0 issue" 2020-11-17 14:34:08 +00:00
test_iptables_firewall.py Revert "[Security] fix allowed-address-pair 0.0.0.0/0 issue" 2020-11-17 14:34:08 +00:00
test_iptables_manager.py Fix neutron-openvswitch-agent Windows support 2018-11-23 17:13:42 +02:00
test_keepalived.py Use flake8-import-order plugin 2017-07-05 03:15:27 +00:00
test_l3_tc_lib.py Support iproute2 4.15 in l3_tc_lib 2020-04-14 07:40:51 +00:00
test_ovsdb_monitor.py Ensure ovsdb_connection enabled before calling monitor 2017-03-06 22:19:18 +00:00
test_pd.py Ensure fip ip rules deleted when fip removed 2020-09-08 16:10:17 +01:00
test_polling.py Ensure ovsdb_connection enabled before calling monitor 2017-03-06 22:19:18 +00:00
test_tc_lib.py Fix ingress bw limit for OVS DPDK ports 2018-01-15 13:19:14 +00:00
test_utils.py Check if process' cmdline is "space separarated" 2019-03-27 09:44:07 +00:00
test_xenapi_root_helper.py Use os-xenapi for neutron when XenServer as hypervisor 2017-03-30 18:33:37 +00:00