openstack
/
neutron
Code Issues Proposed changes
neutron/neutron/agent
History
Slawek Kaplonski ccea0021bc [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses 
Neighbor Advertisments are used to inform other machines of the MAC
address to use to reach an IPv6. This commits prevents VMs from
pretending they are assigned IPv6 they should not use.

It also prevents sending UDP packets with spoofed IP or MAC even using
DHCP(v6) request ports.

Co-authored-by: David Sinquin <david.sinquin@gandi.net>

Closes-bug: #1902917

Conflicts:
    neutron/agent/linux/openvswitch_firewall/firewall.py

Change-Id: Iffb6643359562487414460f5a7e19a7fae9f935c
(cherry picked from commit ca7822e210)
 		2021-05-24 13:24:02 +02:00
..
common Merge "Fix multicast traffic with IGMP snooping enabled" into stable/queens 2021-04-13 04:10:04 +00:00
dhcp Don't configure dnsmasq entries for "network" ports 2021-03-08 09:01:44 +00:00
l2 Clear residual qos rules after l2-agent restarts. 2019-01-24 06:43:01 +00:00
l3 Fix deletion of rfp interfaces when router is re-enabled 2021-03-17 08:46:23 +00:00
linux [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses 2021-05-24 13:24:02 +02:00
metadata Remove extra header fields in proxied metadata requests 2020-03-03 20:11:49 +00:00
ovsdb Merge "Fixes using SSL OVSDB connection" 2018-02-09 09:04:26 +00:00
windows windows: fix terminating processes 2020-10-09 09:41:34 +00:00
__init__.py Empty files should not contain copyright or license 2014-10-20 00:50:32 +00:00
agent_extension.py Generalize agent extension mechanism 2016-07-19 13:45:22 +00:00
agent_extensions_manager.py Make code follow log translation guideline 2017-08-14 02:01:48 +00:00
dhcp_agent.py Change ip_lib network namespace code to use pyroute2 2017-10-04 21:09:28 +00:00
firewall.py [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses 2021-05-24 13:24:02 +02:00
l3_agent.py Refactoring agent linux&ovsdb config 2017-08-25 10:41:39 -04:00
metadata_agent.py Remove deprecated cache_url 2017-11-10 00:47:19 -05:00
resource_cache.py Merge "Fix race condition with enabling SG on many ports at once" 2018-01-27 10:36:37 +00:00
rpc.py Do not call update_device_list in large sets 2019-04-12 20:07:04 +00:00
securitygroups_rpc.py Add accepted egress direct flow 2020-02-25 07:32:29 +08:00