Don't allow tenants to use the allowed address pairs extension
when they are attaching a port to a network that does not belong
to them.
This is done because allowed address pairs can allow things like
ARP spoofing and all tenants attached to a shared network might not
implicitly trust each other.
Reviewed: https:/ /review. openstack. org/176429 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=927399c0114 09b7d152b7670b8 96f15eee7d0db3
Committed: https:/
Submitter: Jenkins
Branch: master
commit 927399c011409b7 d152b7670b896f1 5eee7d0db3
Author: Kevin Benton <email address hidden>
Date: Tue Apr 21 02:01:39 2015 -0700
Block allowed address pairs on other tenants' net
Don't allow tenants to use the allowed address pairs extension
when they are attaching a port to a network that does not belong
to them.
This is done because allowed address pairs can allow things like
ARP spoofing and all tenants attached to a shared network might not
implicitly trust each other.
Change-Id: Ie6c3e8ad041038 04e40f2b0432023 87385e62ca5
Closes-Bug: #1447242