ARP cache poisoning is not actually prevented by the firewall driver 'iptables_firewall'. We are adding the use of the ebtables command - with a corresponding ebtables-driver - in order to create Ethernet frame filtering rules, which prevent the sending of ARP cache poisoning frames.

The complete patch is broken into a set of smaller patches for easier review. This patch here is the first of the series and includes the low-level ebtables integration, unit and functional tests.

Note: This commit is based greatly on an original, now abandoned patch, presented for review here: https://review.openstack.org/#/c/70067/

Full spec can be found here: https://review.openstack.org/#/c/129090/

SecurityImpact

Change-Id: I9ef57a86b1a1c1fa4ba1a034c920f23cb40072c0

Implements: blueprint arp-spoof-patch-ebtables

Related-Bug: 1274034

Co-Authored-By: jbrendel <jbrendel@cisco.com>

- `__init__.py`
- `checks.py`