openstack
/
neutron
Code Issues Proposed changes
neutron/neutron
History
Juergen Brendel f77c17ef99 ARP spoofing patch: Data structures for rules. 
ARP cache poisoning is not actually prevented by the firewall
driver 'iptables_firewall'. We are adding the use of the ebtables
command - with a corresponding ebtables-driver - in order to create
Ethernet frame filtering rules, which prevent the sending of ARP
cache poisoning frames.

The complete patch is broken into smaller patch sets for easier review.

This patch set here includes the some classes for the maintenance of ebtable
chains and rules.

Note:
    This commit is based greatly on an original, now abandoned patch,
    presented for review here:

        https://review.openstack.org/#/c/70067/

Full spec can be found here: https://review.openstack.org/#/c/129090/

SecurityImpact

Change-Id: I3c66e92cbe8883dcad843ad243388def3a96dbe5
Implements: blueprint arp-spoof-patch-ebtables
Related-Bug: 1274034
Co-Authored-By: jbrendel <jbrendel@cisco.com>
 		2015-05-08 08:23:35 +12:00
..
agent ARP spoofing patch: Data structures for rules. 2015-05-08 08:23:35 +12:00
api Don't update port with host id of None 2015-04-25 10:17:07 -07:00
callbacks Merge "Change callbacks logging from INFO to DEBUG" 2015-04-23 17:45:35 +00:00
cmd ARP spoofing patch: Low level ebtables integration 2015-04-22 09:32:02 +12:00
common Fix _device_to_port_id for non-tap devices 2015-04-29 14:53:43 +00:00
db Allow to define enable_snat default value 2015-05-07 00:10:50 +02:00
debug Migrate to oslo.log 2015-03-12 11:22:56 +01:00
extensions Add icmpv6 to sg_supported_protocols 2015-04-28 17:11:21 +00:00
hacking Migrate to oslo.log 2015-03-12 11:22:56 +01:00
ipam Simple subnetpool allocation quotas 2015-03-31 20:56:31 +00:00
locale Imported Translations from Transifex 2015-05-04 06:08:30 +00:00
notifiers Reuse nova batch notifier 2015-03-20 13:55:08 +00:00
openstack Drop use of 'oslo' namespace package 2015-04-28 22:08:39 +00:00
plugins Merge "Use iptables zone to separate different ip_conntrack" 2015-05-07 02:10:45 +00:00
scheduler OOP cleanup: start protected method names with underscore 2015-04-08 00:24:43 +04:00
server Migrate to oslo.log 2015-03-12 11:22:56 +01:00
services Merge "Add block name to switch config options for MLX plug-ins." 2015-04-24 01:09:06 +00:00
tests ARP spoofing patch: Data structures for rules. 2015-05-08 08:23:35 +12:00
__init__.py Revert "monkey patch stdlib before importing other modules" 2015-02-11 17:26:33 -08:00
auth.py Migrate to oslo.log 2015-03-12 11:22:56 +01:00
context.py Context: is_admin==True implies is_advsvc=True 2015-04-30 10:37:24 -07:00
hooks.py Remove the useless vim modelines 2014-06-21 15:07:31 +08:00
i18n.py oslo: migrate to namespace-less import paths 2015-02-05 15:09:32 +01:00
manager.py Migrate to oslo.log 2015-03-12 11:22:56 +01:00
neutron_plugin_base_v2.py Basic subnetpool CRUD 2015-03-18 22:53:50 -07:00
policy.py Remove backward compatibility for check_is_admin 2015-04-23 07:10:34 -07:00
quota.py Deprecate config-based Quota Driver 2015-05-01 16:32:23 -07:00
service.py Merge "Handle SIGHUP in dhcp and l3 agents" 2015-04-28 10:55:24 +00:00
version.py Remove the useless vim modelines 2014-06-21 15:07:31 +08:00
wsgi.py Refactor socket ssl wrapping 2015-04-24 13:21:49 +03:00