commit b33c16bb0e75015f3e75693d815cfd616c831112
Author: Kevin Benton <email address hidden>
Date: Fri Mar 25 04:47:28 2016 -0700
OVS: Add mac spoofing filtering to flows
The mac-spoofing filtering done by iptables was
not adequate. See the bug report and change
I39dc0e23fc118ede19ef2d986b29fc5a8e48ff78 for
more information.
This patch adds flows to the OVS agent to block
any traffic from the VM that isn't in the allowed
address pairs macs or the mac address field of
the port.
Conflicts:
neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_int.py
(no 'dump_flows_for' method so dump_flows had to be used with an additional
check of the in_port on existing rules)
Closes-Bug: #1558658
Change-Id: I02984b21872e0f183db7404c10d8180dbd89075f
(cherry picked from commit 997d7b03fb7f5528f0a3ce70867b9dcd9321509e)
Reviewed: https:/ /review. openstack. org/299026 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=b33c16bb0e7 5015f3e75693d81 5cfd616c831112
Committed: https:/
Submitter: Jenkins
Branch: stable/liberty
commit b33c16bb0e75015 f3e75693d815cfd 616c831112
Author: Kevin Benton <email address hidden>
Date: Fri Mar 25 04:47:28 2016 -0700
OVS: Add mac spoofing filtering to flows
The mac-spoofing filtering done by iptables was 118ede19ef2d986 b29fc5a8e48ff78 for
not adequate. See the bug report and change
I39dc0e23fc
more information.
This patch adds flows to the OVS agent to block
any traffic from the VM that isn't in the allowed
address pairs macs or the mac address field of
the port.
Conflicts: plugins/ ml2/drivers/ openvswitch/ agent/openflow/ ovs_ofctl/ br_int. py
neutron/
(no 'dump_flows_for' method so dump_flows had to be used with an additional
check of the in_port on existing rules)
Closes-Bug: #1558658 183db7404c10d81 80dbd89075f 8f0a3ce70867b9d cd9321509e)
Change-Id: I02984b21872e0f
(cherry picked from commit 997d7b03fb7f552