neutron/doc/source/contributor/internals
Slawek Kaplonski 9ab5159d2d [OVS FW] Allow egress ICMPv6 only for know addresses
Before that patch it was possible to send ICMPv6 packets like e.g.
    neutron_lib.constants.ICMPV6_TYPE_MLD_QUERY,
    neutron_lib.constants.ICMPV6_TYPE_RS,
    neutron_lib.constants.ICMPV6_TYPE_NS,
    neutron_lib.constants.ICMPV6_TYPE_NA

And that could cause some security issues as instance could advertise
that it owns IPv6 address which really don't belong to it.

Now rules in table=71 which allows that traffic are "per mac/ipaddress"
and are allowed only for fixed ips allocated to port and port's
allowed_address_pairs.

Conflicts:
    neutron/agent/linux/openvswitch_firewall/firewall.py
    neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py

Closes-Bug: #1902917
Change-Id: I4749fdc6a6cabd253b971bf4010ff76f5593c59c
(cherry picked from commit 4b5bcff64c)
2021-02-27 20:15:42 +00:00
..
images Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
address_scopes.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
agent_extensions.rst Track neutron-lib migration of agent extensions 2018-06-01 11:38:47 +00:00
api_extensions.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
api_layer.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
calling_ml2_plugin.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
db_layer.rst Merge "Tag mechanism supports resources with standard attribute" 2017-07-25 10:31:40 +00:00
db_models.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
dns_order.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
external_dns_integration.rst Update the documentation link for doc migration 2017-07-22 18:46:13 +09:00
i18n.rst Update the documentation link for doc migration 2017-07-22 18:46:13 +09:00
index.rst update contributor internals index 2017-08-24 13:55:41 -06:00
l2_agent_extensions.rst Use same instance of iptables_manager in L2 agent and extensions 2018-01-05 11:07:32 +01:00
l2_agents.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
l3_agent_extensions.rst Add a new method get_router_info to L3 agent extension API 2017-09-08 14:48:46 +09:00
layer3.rst Update the documentation links 2017-12-13 10:49:46 +00:00
linuxbridge_agent.rst Update the documentation links 2017-12-13 10:49:46 +00:00
live_migration.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
ml2_ext_manager.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
network_ip_availability.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
objects_usage.rst use object utils from neutron-lib 2018-06-11 11:10:53 -06:00
openvswitch_agent.rst Fixing hyperlink issue 2017-09-13 02:38:33 -07:00
openvswitch_firewall.rst [OVS FW] Allow egress ICMPv6 only for know addresses 2021-02-27 20:15:42 +00:00
ovs_vhostuser.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
plugin-api.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
policy.rst Add ext_parent policy check 2018-08-01 02:45:42 +08:00
provisioning_blocks.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
quality_of_service.rst [Docs] Update path to QoS API tempest tests 2018-03-26 22:19:30 +02:00
quota.rst doc for quota details extension 2017-09-11 08:52:20 -06:00
retries.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
rpc_api.rst Update the documentation link for doc migration 2017-07-22 18:46:13 +09:00
rpc_callbacks.rst Update the documentation link for doc migration 2017-07-22 18:46:13 +09:00
security_group_api.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
segments.rst Add segments service plug-in devref 2017-07-28 09:54:46 -07:00
service_extensions.rst Mark neutron-lbaas as deprecated 2018-01-31 16:13:45 -08:00
services_and_agents.rst Rearrange existing documentation to fit the new standard layout 2017-07-08 05:49:56 +00:00
sriov_nic_agent.rst Fix URL in SR-IOV internals doc 2017-12-13 14:19:15 -06:00
tag.rst remove tag and tag_ext extensions 2018-03-16 13:09:42 -06:00
upgrade.rst Update links in README 2018-06-12 16:32:55 +08:00