ARP cache poisoning is not actually prevented by the firewall
driver 'iptables_firewall'. We are adding the use of the ebtables
command - with a corresponding ebtables-driver - in order to create
Ethernet frame filtering rules, which prevent the sending of ARP
cache poisoning frames.
The complete patch is broken into a set of smaller patches for easier review.
This patch here is the first of the series and includes the low-level ebtables
integration, unit and functional tests.
Note:
This commit is based greatly on an original, now abandoned patch,
presented for review here:
Reviewed: https://review.openstack.org/141130
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=2414834ffeb8ba7ce2401236d01c88702fec5a14
Submitter: Jenkins
Branch: master
commit 2414834ffeb8ba7ce2401236d01c88702fec5a14
Author: Édouard Thuleau <email address hidden>
Date: Tue Feb 10 13:43:34 2015 +1300
ARP spoofing patch: Low level ebtables integration
ARP cache poisoning is not actually prevented by the firewall
driver 'iptables_firewall'. We are adding the use of the ebtables
command - with a corresponding ebtables-driver - in order to create
Ethernet frame filtering rules, which prevent the sending of ARP
cache poisoning frames.
The complete patch is broken into a set of smaller patches for easier review.
This patch here is the first of the series and includes the low-level ebtables
integration, unit and functional tests.
Note:
This commit is based greatly on an original, now abandoned patch,
presented for review here:
https://review.openstack.org/#/c/70067/
Full spec can be found here:
https://review.openstack.org/#/c/129090/
SecurityImpact
Change-Id: I9ef57a86b1a1c1fa4ba1a034c920f23cb40072c0
Implements: blueprint arp-spoof-patch-ebtables
Related-Bug: 1274034
Co-Authored-By: jbrendel <email address hidden>
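
As an added illustration (not part of this commit or of Neutron's ebtables driver), the kind of Ethernet-level ARP filter the message describes can be sketched as ebtables rules plus a small model of their verdict on constructed frames. The chain name, device name, MAC and IP below are assumptions, and the rule layout is one possible design, not the one the patch installs.

```python
import socket
import struct

ETH_ARP = b"\x08\x06"

def antispoof_rules(chain, dev, mac, ips):
    """ebtables argv lists: ARP from `dev` is accepted only for the port's own MAC/IP."""
    base = ["ebtables", "-t", "filter"]
    rules = [base + ["-N", chain],
             base + ["-A", "FORWARD", "-i", dev, "-p", "ARP", "-j", chain]]
    for ip in ips:
        rules.append(base + ["-A", chain, "-p", "ARP", "--arp-mac-src", mac,
                             "--arp-ip-src", ip, "-j", "ACCEPT"])
    rules.append(base + ["-A", chain, "-p", "ARP", "-j", "DROP"])
    return rules

def build_arp(sha, spa, tpa, op=2):
    """Constructed test frame (never sent): Ethernet header + IPv4 ARP payload."""
    mac = bytes.fromhex(sha.replace(":", ""))
    hdr = b"\xff" * 6 + mac + ETH_ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac + socket.inet_aton(spa) + b"\x00" * 6 + socket.inet_aton(tpa)
    return hdr + arp

def verdict(frame, mac, ips):
    """Model of what the chain above decides for one frame leaving the port."""
    if frame[12:14] != ETH_ARP:
        return "NOT_ARP"   # the chain is only reached with -p ARP
    if len(frame) < 42 or struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return "DROP"      # this model treats it as matching no ACCEPT rule
    sha = ":".join("%02x" % b for b in frame[22:28])   # ARP sender hardware address
    spa = socket.inet_ntoa(frame[28:32])               # ARP sender protocol address
    return "ACCEPT" if sha == mac.lower() and spa in ips else "DROP"

if __name__ == "__main__":
    MAC, IPS = "fa:16:3e:00:00:01", ["10.0.0.5"]   # constructed port data
    for argv in antispoof_rules("arp-demo", "tap-demo", MAC, IPS):
        print(" ".join(argv))
    # Sender fields match the port: allowed.
    print(verdict(build_arp(MAC, "10.0.0.5", "10.0.0.1"), MAC, IPS))
    # Sender IP is not one assigned to the port: dropped.
    print(verdict(build_arp(MAC, "10.0.0.1", "10.0.0.9"), MAC, IPS))
```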