Comment 44 for bug 1558658

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/liberty)

Reviewed: https://review.openstack.org/299026
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b33c16bb0e75015f3e75693d815cfd616c831112
Submitter: Jenkins
Branch: stable/liberty

commit b33c16bb0e75015f3e75693d815cfd616c831112
Author: Kevin Benton <email address hidden>
Date: Fri Mar 25 04:47:28 2016 -0700

    OVS: Add mac spoofing filtering to flows

    The mac-spoofing filtering done by iptables was
    not adequate. See the bug report and change
    I39dc0e23fc118ede19ef2d986b29fc5a8e48ff78 for
    more information.

    This patch adds flows to the OVS agent to block
    any traffic from the VM that isn't in the allowed
    address pairs macs or the mac address field of
    the port.

    Conflicts:
      neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_int.py
      (no 'dump_flows_for' method so dump_flows had to be used with an additional
       check of the in_port on existing rules)

    Closes-Bug: #1558658
    Change-Id: I02984b21872e0f183db7404c10d8180dbd89075f
    (cherry picked from commit 997d7b03fb7f5528f0a3ce70867b9dcd9321509e)
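
The reconciliation the Conflicts note describes (an unfiltered flow dump plus an explicit `in_port` check), as an added sketch that is not code from this commit or from neutron. The table number, function names and sample dump are assumptions constructed for illustration; the layout of one allow flow per permitted source MAC is likewise assumed.

```python
import re

# Assumption: illustrative table number for the MAC anti-spoofing flows.
MAC_SPOOF_TABLE = 25

# Constructed sample in the style of `ovs-ofctl dump-flows` output.
SAMPLE_DUMP = """\
 cookie=0x0, duration=9.1s, table=25, n_packets=4, n_bytes=392, priority=2,in_port=5,dl_src=fa:16:3e:00:00:01 actions=NORMAL
 cookie=0x0, duration=9.1s, table=25, n_packets=0, n_bytes=0, priority=2,in_port=5,dl_src=fa:16:3e:00:00:99 actions=NORMAL
 cookie=0x0, duration=9.1s, table=25, n_packets=0, n_bytes=0, priority=2,in_port=51,dl_src=fa:16:3e:00:00:02 actions=NORMAL
 cookie=0x0, duration=9.1s, table=25, n_packets=0, n_bytes=0, priority=0 actions=drop
"""


def allowed_macs_on_port(dump, in_port, table=MAC_SPOOF_TABLE):
    """Source MACs that existing flows in `table` permit for `in_port`."""
    macs = set()
    for line in dump.splitlines():
        # Split into key=value fields so in_port is compared exactly;
        # a substring test for "in_port=5" would also match in_port=51.
        fields = dict(
            kv.split("=", 1)
            for kv in re.split(r"[,\s]+", line.strip())
            if "=" in kv
        )
        if fields.get("table") != str(table):
            continue
        if fields.get("in_port") != str(in_port):
            continue
        if "dl_src" in fields:
            macs.add(fields["dl_src"].lower())
    return macs


def reconcile(dump, in_port, port_mac, allowed_pair_macs):
    """Compare installed allow flows with the port's permitted MACs."""
    want = {m.lower() for m in [port_mac, *allowed_pair_macs]}
    have = allowed_macs_on_port(dump, in_port)
    return {"add": sorted(want - have), "remove": sorted(have - want)}


if __name__ == "__main__":
    print(reconcile(SAMPLE_DUMP, 5, "FA:16:3E:00:00:01", ["fa:16:3e:00:00:07"]))
```

A non-empty `remove` list means a source MAC is still permitted on the port after it left the port's MAC and allowed address pairs.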