openstack
/
neutron
Code Issues Proposed changes
neutron/neutron/agent/linux/openvswitch_firewall
History
Slawek Kaplonski 2231a9d40f [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses 
Neighbor Advertisments are used to inform other machines of the MAC
address to use to reach an IPv6. This commits prevents VMs from
pretending they are assigned IPv6 they should not use.

It also prevents sending UDP packets with spoofed IP or MAC even using
DHCP(v6) request ports.

Co-authored-by: David Sinquin <david.sinquin@gandi.net>

Closes-bug: #1902917

Conflicts:
    neutron/agent/linux/openvswitch_firewall/firewall.py

Change-Id: Iffb6643359562487414460f5a7e19a7fae9f935c
(cherry picked from commit ca7822e210)
 		2021-05-19 11:35:21 +02:00
..
__init__.py Open vSwitch conntrack based firewall driver 2016-02-16 16:47:21 +00:00
constants.py remove neutron.common.constants 2019-04-04 14:10:26 -06:00
exceptions.py ovsfw: Don't create rules if updated port doesn't exist 2018-01-05 16:28:18 +00:00
firewall.py [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses 2021-05-19 11:35:21 +02:00
iptables.py remove neutron.common.constants 2019-04-04 14:10:26 -06:00
rules.py Revert "[Security] fix allowed-address-pair 0.0.0.0/0 issue" 2021-01-20 17:02:06 +01:00