Marc McClain suggested a different approach and did not want to have the ebtables manager in its current form in the code. Since the remaining two patches now do not have a chance of being accepted any more, I am following Henry Gessau's recommendation: I am abandoning the remaining patches and assign this bug to Marc, who will propose and implement a different solution.
We will be happy to review the proposed new solution once we see a blueprint. The acceptance requirement is simply to have a platform independent solution, which prevents ARP cache poisoning on shared networks, as described in the bug report.
We had proposed a blueprint for a fix to this bug: https:/ /blueprints. launchpad. net/neutron/ +spec/arp- spoof-patch- ebtables
The fix was implemented and presented in the form of four patches. The first two have been accepted and merged:
https:/ /review. openstack. org/#/c/ 141130/ /review. openstack. org/#/c/ 157097/
https:/
The two remaining patches, which would have integrated the patch with the existing iptables code, however, were rejected:
https:/ /review. openstack. org/#/c/ 157634/ /review. openstack. org/#/c/ 158491/
https:/
Marc McClain suggested a different approach and did not want to have the ebtables manager in its current form in the code. Since the remaining two patches now do not have a chance of being accepted any more, I am following Henry Gessau's recommendation: I am abandoning the remaining patches and assign this bug to Marc, who will propose and implement a different solution.
We will be happy to review the proposed new solution once we see a blueprint. The acceptance requirement is simply to have a platform independent solution, which prevents ARP cache poisoning on shared networks, as described in the bug report.