Comment 10 for bug 1884341

Brian: I gather the theory is that by encapsulating the spoofed datagram's frame within one or more 802.1q layers setting VLAN=0, the source MAC filtering applied at layer 2 with ebtables can be bypassed (assuming VLAN trunks are allowed to the instance at all).

More generally, I do think that if neither the reporter nor the project's developers are successful at reproducing this theoretical exploit, we should consider switching the bug to Public immediately (or at least as soon as LXD and any other communities where actual exploits have been found for this are also publicly acknowledging it).