openstack
/
neutron
Code Issues Proposed changes
neutron/neutron
History
Jens Harbott a7afd6e86d Secure dnsmasq process against external abuse 
Currently any dhcp agent instance will work as an open resolver. For
deployments using publicly routed addresses for tenant networks, this
allows the agent being abused in dDoS attacks, see [1].

By setting the `--local-service` option dnsmasq will filter DNS queries
and reply only to queries from directly attached networks.

[1] https://bugs.launchpad.net/neutron/+bug/1501206

Conflicts:
    neutron/cmd/sanity_check.py

Closes-Bug: 1501206
Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e
(cherry picked from commit 0fce3ca2c1)
 		2019-02-01 09:07:14 +00:00
..
agent Secure dnsmasq process against external abuse 2019-02-01 09:07:14 +00:00
api Block port update from unbound DHCP agent 2018-12-18 11:11:35 +00:00
cmd Secure dnsmasq process against external abuse 2019-02-01 09:07:14 +00:00
common Allow Ipv6 addresses for nova_metadata_host 2018-10-13 07:14:05 +00:00
conf Implement filter validation 2018-07-19 04:13:43 +00:00
core_extensions Refactor duplicated implementation of _get_policy_obj 2018-06-20 09:51:02 +08:00
db Update neutron files for new over-indentation hacking rule (E117) 2019-01-30 20:05:18 +03:00
debug Fix all pep8 E265 errors 2018-04-30 16:35:52 -04:00
extensions [server side] Expose port forwardings in FIP API 2018-07-27 17:25:10 +08:00
hacking use sqla functions from neutron-lib 2018-07-25 21:04:20 +00:00
ipam Fetch specific columns rather than full ORM entities 2018-09-27 16:28:37 +00:00
locale Imported Translations from Zanata 2018-11-30 09:16:33 +00:00
notifiers Fix W503 pep8 warnings 2018-04-17 14:22:58 +00:00
objects Update neutron files for new over-indentation hacking rule (E117) 2019-01-30 20:05:18 +03:00
pecan_wsgi Implement filter validation 2018-07-19 04:13:43 +00:00
plugins Update neutron files for new over-indentation hacking rule (E117) 2019-01-30 20:05:18 +03:00
privileged Update neutron files for new over-indentation hacking rule (E117) 2019-01-30 20:05:18 +03:00
quota Fetch specific columns rather than full ORM entities 2018-09-27 16:28:37 +00:00
scheduler Fetch specific columns rather than full ORM entities 2018-09-27 16:28:37 +00:00
server Allow neutron-api load config from WSGI process 2018-07-25 15:22:14 +07:00
services Do not delete trunk bridges if service port attached 2018-12-17 12:18:44 +00:00
tests Secure dnsmasq process against external abuse 2019-02-01 09:07:14 +00:00
__init__.py
_i18n.py Make code follow log translation guideline 2017-08-14 02:01:48 +00:00
auth.py Use oslo.context class method to construct context object 2017-03-23 09:02:46 +00:00
manager.py Implement filter validation 2018-07-19 04:13:43 +00:00
neutron_plugin_base_v2.py Do not load default service plugins if core plugin is not DB based 2017-11-09 20:34:52 +00:00
opts.py Merge "Remove deprecated cache_url" 2018-01-03 06:35:59 +00:00
policy.py Add ext_parent policy check 2018-08-01 02:45:42 +08:00
service.py Allow neutron-api load config from WSGI process 2018-07-25 15:22:14 +07:00
version.py
worker.py replace WorkerSupportServiceMixin with neutron-lib's WorkerBase 2017-06-14 06:56:48 -06:00
wsgi.py Fix all pep8 E265 errors 2018-04-30 16:35:52 -04:00