Don't allow tenants to use the allowed address pairs extension
when they are attaching a port to a network that does not belong
to them.
This is done because allowed address pairs can allow things like
ARP spoofing and all tenants attached to a shared network might not
implicitly trust each other.
Change-Id: Ie6c3e8ad04103804e40f2b043202387385e62ca5
Closes-Bug: #1447242
(cherry picked from commit 927399c011409b7d152b7670b896f15eee7d0db3)
Reviewed: https:/ /review. openstack. org/181158 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=4c9a4bf337b 27a8cc85dd97ab4 03f348b6efeb88
Committed: https:/
Submitter: Jenkins
Branch: stable/kilo
commit 4c9a4bf337b27a8 cc85dd97ab403f3 48b6efeb88
Author: Kevin Benton <email address hidden>
Date: Tue Apr 21 02:01:39 2015 -0700
Block allowed address pairs on other tenants' net
Don't allow tenants to use the allowed address pairs extension
when they are attaching a port to a network that does not belong
to them.
This is done because allowed address pairs can allow things like
ARP spoofing and all tenants attached to a shared network might not
implicitly trust each other.
Change-Id: Ie6c3e8ad041038 04e40f2b0432023 87385e62ca5 d152b7670b896f1 5eee7d0db3)
Closes-Bug: #1447242
(cherry picked from commit 927399c011409b7