[Openstack-security] [openstack/neutron] SecurityImpact review request change Ic115eeb59cbacdafb85296d435322ea8b8cc99d6

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Mon May 25 02:29:49 UTC 2015


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/157634

Log:
commit ebcb9d9ee52536245c8be3e74981994e5143eb50
Author: Juergen Brendel <jbrendel at cisco.com>
Date:   Thu May 14 11:51:36 2015 +1200

    ARP spoofing patch: Ebtables manager
    
    ARP cache poisoning is not actually prevented by the firewall
    driver 'iptables_firewall'. We are adding the use of the ebtables
    command - with a corresponding ebtables-driver - in order to create
    Ethernet frame filtering rules, which prevent the sending of ARP
    cache poisoning frames.
    
    The complete patch is broken into smaller patch sets for easier review.
    
    This patch set here includes the ebtables manager class.
    
    Note:
        This commit is based greatly on an original, now abandoned patch,
        presented for review here:
    
            https://review.openstack.org/#/c/70067/
    
    Full spec can be found here: https://review.openstack.org/#/c/129090/
    
    SecurityImpact
    
    Change-Id: Ic115eeb59cbacdafb85296d435322ea8b8cc99d6
    Implements: blueprint arp-spoof-patch-ebtables
    Related-Bug: 1274034
    Co-Authored-By: jbrendel <jbrendel at cisco.com>





More information about the Openstack-security mailing list