[Openstack-security] [openstack/neutron] SecurityImpact review request change I9ef57a86b1a1c1fa4ba1a034c920f23cb40072c0
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Mar 19 00:46:43 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/141130
Log:
commit 576798b6c87047742a0c9f6a1ae88a4b23520e97
Author: Édouard Thuleau <edouard.thuleau at cloudwatt.com>
Date: Tue Feb 10 13:43:34 2015 +1300
ARP spoofing patch: Low level ebtables integration
ARP cache poisoning is not actually prevented by the firewall
driver 'iptables_firewall'. We are adding the use of the ebtables
command - with a corresponding ebtables-driver - in order to create
Ethernet frame filtering rules, which prevent the sending of ARP
cache poisoning frames.
The complete patch is broken into a set of smaller patches for easier review.
This patch here is th first of the series and includes the low-level ebtables
integration, unit and functional tests.
Note:
This commit is based greatly on an original, now abandoned patch,
presented for review here:
https://review.openstack.org/#/c/70067/
Full spec can be found here:
https://review.openstack.org/#/c/129090/
SecurityImpact
Change-Id: I9ef57a86b1a1c1fa4ba1a034c920f23cb40072c0
Implements: blueprint arp-spoof-patch-ebtables
Related-Bug: 1274034
Co-Authored-By: jbrendel <jbrendel at cisco.com>
More information about the Openstack-security
mailing list