neutron

  1. Bug #1534652
  2. Comment #22

Comment 22 for bug 1534652

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/liberty)

Reviewed: https://review.openstack.org/291275
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ccdfd17666698b81074ead89dc865949074295e5
Submitter: Jenkins
Branch: stable/liberty

commit ccdfd17666698b81074ead89dc865949074295e5
Author: Dustin Lundquist <email address hidden>
Date: Thu Jan 14 23:04:43 2016 -0800

    Prevent binding IPv6 addresses to Neutron interfaces

    Explicitly disable IPv6 on Neutron created interfaces in the default
    namespace before setting link up. Since the default behavior of IPv6 is
    to bind to all interfaces as opposed to IPv4 where an address must be
    explicitly configured we disable IPv6 on each interface before enabling
    the interface. This avoids leaving a time window between when the
    interface is enabled and when it is attached to bridge device during
    which the host could be access from a tenant network.

    Move disable_ipv6() from BridgeDevice to base IPDevice class so it is
    usable by all interfaces. Then we explicitly disable IPv6 on veth
    interfaces in the default namespaces and VXLAN and VLAN interfaces
    created by the LinuxBridge agent.

    In addition vlan interface is moved from LinuxBridgeManager to IPWrapper
    so it can return an IPDevice object.

    Conflicts:
     neutron/agent/linux/bridge_lib.py
     neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py

    Closes-Bug: #1534652
    Change-Id: Id879075f2d5ee42f8ff153e813e7519a4424447b
    (cherry picked from commit fc8ebae0351f5b6596951cdfc5cb4259501d84f2)