[Openstack-security] [openstack/neutron] SecurityImpact review request change I1f8311f1b9ae1be02afde3e9078e49c6da373a88

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Thu Sep 3 04:03:14 UTC 2015


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/201650

Log:
commit bf4b41b9dc2f151e4eb76ddcc30d1276f6d5b961
Author: sridhargaddam <sridhar.gaddam at enovance.com>
Date:   Tue Jul 14 16:18:06 2015 +0000

    Add IPv6 Address Resolution protection
    
    Similar to IPv4 arp protection support, this patch adds the necessary OVS
    rules to prevent ports attached to agent from sending any icmpv6 neighbor
    advertisement messages that contain an IPv6 address not belonging to the port.
    
    For details please refer to "Figure 3. Attack against IPv6 Address Resolution"
    http://www.cisco.com/web/about/security/intelligence/ipv6_first_hop.html
    
    DocImpact
    SecurityImpact
    
    Closes-Bug: #1491690
    Change-Id: I1f8311f1b9ae1be02afde3e9078e49c6da373a88





More information about the Openstack-security mailing list