OpenStack Networking (Neutron)
Kevin Benton aa7356b729 Add simple ARP spoofing protection
Adds an option to set up OVS rules that will prevent
ports attached to the agent from sending any ARP responses
that contain an IP address not belonging to the port
(in fixed IPs or allowed_address_pairs).

It is disabled by default and requires an OVS version that
can match on ARP fields. If it is too old, traffic will
still flow but it won't have ARP spoofing protection.
There is a sanity check to verify that ARP header matching
is supported.

This prevention is specific to OVS so it will not help with
other plugins that use the reference iptables filtering. A
non-OVS-specific general approach will require something like
the ebtables integration in Ibc6d3d520c1383cf7e00f4bdeb7853a41ac4b14b.

Details:
A new table is added for ARP spoofing prevention. All ARP traffic
on the local switching table is sent to this spoofing table.
The spoofing table will allow all ARP requests because we aren't
interested in them. It will then install an ARP response allow rule
for each IP address the port is assigned. All other ARP responses are
dropped.

DocImpact
SecurityImpact
Partial-Bug: #1274034

Change-Id: I7c079b779245a0af6bc793564fa8a560e4226afe
2015-03-29 20:57:07 -07:00
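
The spoofing table described under "Details" in the commit message above, modelled as an added example (this is not code from the Neutron tree). The table id, priorities, and sample ports are assumptions made for illustration; the model also accepts CIDR entries and skips IPv6 addresses, which ARP does not carry.

```python
import ipaddress

ARP_TABLE = 99                   # hypothetical table id, not Neutron's
ARP_REQUEST, ARP_REPLY = 1, 2    # ARP opcodes

def port_rules(ofport, fixed_ips, allowed_address_pairs=()):
    """One ARP-reply allow rule per IPv4 address or CIDR assigned to the port."""
    rules = []
    for addr in list(fixed_ips) + list(allowed_address_pairs):
        net = ipaddress.ip_network(addr, strict=False)
        if net.version == 4:     # ARP only carries IPv4; skip IPv6 entries
            match = {"in_port": ofport, "arp_op": ARP_REPLY, "arp_spa": net}
            rules.append((2, match, "NORMAL"))
    return rules

def table_rules(ports):
    """Whole spoofing table: allow requests, allow owned replies, drop the rest."""
    rules = [(2, {"arp_op": ARP_REQUEST}, "NORMAL"), (1, {}, "drop")]
    for ofport, (fixed_ips, pairs) in ports.items():
        rules += port_rules(ofport, fixed_ips, pairs)
    return rules

def render(rule):
    """Format a rule in ovs-ofctl add-flow syntax."""
    priority, match, action = rule
    fields = "".join(f",{k}={v}" for k, v in match.items())
    return f"table={ARP_TABLE},priority={priority},arp{fields},actions={action}"

def verdict(rules, in_port, arp_op, arp_spa):
    """Return the action of the highest-priority rule matching an ARP packet."""
    spa = ipaddress.ip_address(arp_spa)
    for _, match, action in sorted(rules, key=lambda r: -r[0]):
        if match.get("in_port", in_port) != in_port:
            continue
        if match.get("arp_op", arp_op) != arp_op:
            continue
        if "arp_spa" in match and spa not in match["arp_spa"]:
            continue
        return action
    return "drop"

# Constructed sample ports: ofport -> (fixed IPs, allowed address pairs)
PORTS = {1: (["10.0.0.5", "fd00::5"], ["10.0.0.100"]), 2: (["10.0.0.6"], [])}

if __name__ == "__main__":
    for rule in table_rules(PORTS):
        print(render(rule))
```
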
bin adopt namespace-less oslo imports 2015-02-20 17:36:47 -08:00
doc Update core reviewer responsibilities 2015-04-01 14:02:39 +00:00
etc Add simple ARP spoofing protection 2015-03-29 20:57:07 -07:00
neutron Add simple ARP spoofing protection 2015-03-29 20:57:07 -07:00
rally-jobs Run more Rally benchmark on every patch 2015-03-18 10:38:44 +00:00
tools Remove check for bash usage 2015-04-07 15:15:33 +00:00
.coveragerc Update .coveragerc after the removal of Cisco Nexus monolithic plugin 2015-03-31 02:25:06 +00:00
.gitignore Add support for retargetable functional api testing 2015-01-06 02:37:59 +00:00
.gitreview Rename quantum to neutron in .gitreview. 2013-07-06 12:25:09 -04:00
.mailmap Add mailmap entry 2014-05-16 13:40:04 -04:00
.pylintrc Remove 'free' exclusions from pylint 2015-03-06 09:37:00 -05:00
.testr.conf Add an explicit tox job for functional tests 2014-02-05 17:11:52 +00:00
CONTRIBUTING.rst Workflow documentation is now in infra-manual 2014-12-05 03:30:37 +00:00
HACKING.rst oslo: migrate to namespace-less import paths 2015-02-05 15:09:32 +01:00
LICENSE Adding Apache Version 2.0 license file. This is the official license agreement under which Quantum code is available to 2011-08-08 12:31:04 -07:00
MANIFEST.in Rename Quantum to Neutron 2013-07-06 15:02:43 -04:00
README.rst Updated the README.rst 2014-12-02 14:33:30 -06:00
TESTING.rst Enhance TESTING.rst 2015-04-07 16:17:21 +00:00
babel.cfg Use babel to generate translation file 2013-01-24 00:20:32 +08:00
openstack-common.conf Migrate to oslo.log 2015-03-12 11:22:56 +01:00
requirements.txt Updated from global requirements 2015-03-21 00:10:47 +00:00
run_tests.sh Remove check for bash usage 2015-04-07 15:15:33 +00:00
setup.cfg Reorganize unit test tree 2015-04-06 23:28:31 +00:00
setup.py Updated from global requirements 2014-04-30 02:41:29 +00:00
test-requirements.txt Updated from global requirements 2015-03-21 00:10:47 +00:00
tox.ini Remove check for bash usage 2015-04-07 15:15:33 +00:00

README.rst

Welcome!

You have come across a cloud computing network fabric controller. It has identified itself as "Neutron." It aims to tame your (cloud) networking!

External Resources:

The homepage for Neutron is: http://launchpad.net/neutron. Use this site to ask for help and to file bugs. Code is available on git.openstack.org at <http://git.openstack.org/cgit/openstack/neutron>.

The latest and most in-depth documentation on how to use Neutron is available at: <http://docs.openstack.org>. This includes:

Neutron Administrator Guide:

http://docs.openstack.org/admin-guide-cloud/content/ch_networking.html

Neutron API Reference:

http://docs.openstack.org/api/openstack-network/2.0/content/

Current Neutron developer documentation is available at:

http://wiki.openstack.org/NeutronDevelopment

For help on usage and hacking of Neutron, please send mail to <openstack-dev@lists.openstack.org>.

For information on how to contribute to Neutron, please see the contents of the CONTRIBUTING.rst file.