]> review.fuel-infra Code Review - openstack-build/neutron-build.git/commit
Code Review / openstack-build / neutron-build.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 548f323) | patch
Add IPv6 Address Resolution protection
authorsridhargaddam <sridhar.gaddam@enovance.com>
Tue, 14 Jul 2015 16:18:06 +0000 (16:18 +0000)
committersridhargaddam <sridhar.gaddam@enovance.com>
Tue, 15 Sep 2015 12:24:10 +0000 (12:24 +0000)
commit17765114292217d109c15b220be57fea6c9eed4a
tree223db020994751c86d9c94767770987b2b7b85e1tree | snapshot
parent548f323f594d6b3e43ad0e16deced9fc491e1e60commit | diff
Add IPv6 Address Resolution protection

Similar to IPv4 arp protection support, this patch adds the necessary OVS
rules to prevent ports attached to agent from sending any icmpv6 neighbor
advertisement messages that contain an IPv6 address not belonging to the port.

For details please refer to "Figure 3. Attack against IPv6 Address Resolution"
http://www.cisco.com/web/about/security/intelligence/ipv6_first_hop.html

DocImpact
SecurityImpact

Closes-Bug: #1491690
Change-Id: I1f8311f1b9ae1be02afde3e9078e49c6da373a88
neutron/cmd/sanity/checks.py diff | blob | history
neutron/cmd/sanity_check.py diff | blob | history
neutron/common/constants.py diff | blob | history
neutron/plugins/ml2/drivers/openvswitch/agent/openflow/native/br_int.py diff | blob | history
neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_int.py diff | blob | history
neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py diff | blob | history
neutron/tests/functional/agent/test_ovs_flows.py diff | blob | history
neutron/tests/functional/sanity/test_sanity.py diff | blob | history
neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/native/test_br_int.py diff | blob | history
neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/test_br_int.py diff | blob | history
neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py diff | blob | history