I agree that this is something we need to address. I'm fine with it being opened to the public or being fixed first.
@Dustin,
Can you confirm that the attached patch fixes the mac spoofing issue? (Note that there are two patches in there, one for Linux Bridge and one for OVS)
I didn't do anything about the DHCP request source IP restriction in this patch because that one just seems to be a way to spam some DHCP requests for an incorrect address. Correct me if I'm wrong, but that doesn't pose any security issue (other than log noise), right?
I agree that this is something we need to address. I'm fine with it being opened to the public or being fixed first.
@Dustin,
Can you confirm that the attached patch fixes the mac spoofing issue? (Note that there are two patches in there, one for Linux Bridge and one for OVS)
I didn't do anything about the DHCP request source IP restriction in this patch because that one just seems to be a way to spam some DHCP requests for an incorrect address. Correct me if I'm wrong, but that doesn't pose any security issue (other than log noise), right?