[Openstack-security] [openstack/neutron] SecurityImpact review request change Ic115eeb59cbacdafb85296d435322ea8b8cc99d6
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed May 27 10:58:57 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/157634
Log:
commit 037073465efb2eb0b0872f9de9b9e5216e7ef0c7
Author: Juergen Brendel <jbrendel at cisco.com>
Date: Thu May 14 11:51:36 2015 +1200
ARP spoofing patch: Ebtables manager
ARP cache poisoning is not actually prevented by the firewall
driver 'iptables_firewall'. We are adding the use of the ebtables
command - with a corresponding ebtables-driver - in order to create
Ethernet frame filtering rules, which prevent the sending of ARP
cache poisoning frames.
The complete patch is broken into smaller patch sets for easier review.
This patch set here includes the ebtables manager class.
Note:
This commit is based greatly on an original, now abandoned patch,
presented for review here:
https://review.openstack.org/#/c/70067/
Full spec can be found here: https://review.openstack.org/#/c/129090/
SecurityImpact
Change-Id: Ic115eeb59cbacdafb85296d435322ea8b8cc99d6
Implements: blueprint arp-spoof-patch-ebtables
Related-Bug: 1274034
Co-Authored-By: jbrendel <jbrendel at cisco.com>
More information about the Openstack-security
mailing list