neutron

  1. Bug #1274034
  2. Comment #41

Comment 41 for bug 1274034

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.openstack.org/157097
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=f77c17ef9993ea8c545dc044ad2ac013a28dbc22
Submitter: Jenkins
Branch: master

commit f77c17ef9993ea8c545dc044ad2ac013a28dbc22
Author: Juergen Brendel <email address hidden>
Date: Thu Feb 26 13:51:04 2015 +1300

    ARP spoofing patch: Data structures for rules.

    ARP cache poisoning is not actually prevented by the firewall
    driver 'iptables_firewall'. We are adding the use of the ebtables
    command - with a corresponding ebtables-driver - in order to create
    Ethernet frame filtering rules, which prevent the sending of ARP
    cache poisoning frames.

    The complete patch is broken into smaller patch sets for easier review.

    This patch set here includes the some classes for the maintenance of ebtable
    chains and rules.

    Note:
        This commit is based greatly on an original, now abandoned patch,
        presented for review here:

            https://review.openstack.org/#/c/70067/

    Full spec can be found here: https://review.openstack.org/#/c/129090/

    SecurityImpact

    Change-Id: I3c66e92cbe8883dcad843ad243388def3a96dbe5
    Implements: blueprint arp-spoof-patch-ebtables
    Related-Bug: 1274034
    Co-Authored-By: jbrendel <email address hidden>