neutron

  1. Bug #1274034
  2. Comment #40

Comment 40 for bug 1274034

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.openstack.org/141130
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=2414834ffeb8ba7ce2401236d01c88702fec5a14
Submitter: Jenkins
Branch: master

commit 2414834ffeb8ba7ce2401236d01c88702fec5a14
Author: Édouard Thuleau <email address hidden>
Date: Tue Feb 10 13:43:34 2015 +1300

    ARP spoofing patch: Low level ebtables integration

    ARP cache poisoning is not actually prevented by the firewall
    driver 'iptables_firewall'. We are adding the use of the ebtables
    command - with a corresponding ebtables-driver - in order to create
    Ethernet frame filtering rules, which prevent the sending of ARP
    cache poisoning frames.

    The complete patch is broken into a set of smaller patches for easier review.

    This patch here is th first of the series and includes the low-level ebtables
    integration, unit and functional tests.

    Note:
        This commit is based greatly on an original, now abandoned patch,
        presented for review here:

            https://review.openstack.org/#/c/70067/

        Full spec can be found here:

            https://review.openstack.org/#/c/129090/

    SecurityImpact

    Change-Id: I9ef57a86b1a1c1fa4ba1a034c920f23cb40072c0
    Implements: blueprint arp-spoof-patch-ebtables
    Related-Bug: 1274034
    Co-Authored-By: jbrendel <email address hidden>