OpenStack Security Advisory

  1. Bug #1558658
  2. Comment #48

Comment 48 for bug 1558658

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/kilo)

Reviewed: https://review.openstack.org/299028
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=d48147b0fc192c49646951294479573e4ed9ae78
Submitter: Jenkins
Branch: stable/kilo

commit d48147b0fc192c49646951294479573e4ed9ae78
Author: Kevin Benton <email address hidden>
Date: Mon Mar 28 22:21:53 2016 -0700

    OVS: Add mac spoofing filtering to flows

    The mac-spoofing filtering done by iptables was
    not adequate. See the bug report and change
    I39dc0e23fc118ede19ef2d986b29fc5a8e48ff78 for
    more information.

    This patch adds flows to the OVS agent to block
    any traffic from the VM that isn't in the allowed
    address pairs macs or the mac address field of
    the port.

    Conflicts:
        This had to be heavily modified to work with Kilo due to
        the lack of a pluggable openflow interface that was present
        in master, mitaka, and liberty.

    Closes-Bug: #1558658
    Change-Id: I02984b21872e0f183db7404c10d8180dbd89075f
    (cherry-picked from 997d7b03fb7f5528f0a3ce70867b9dcd9321509e)