[Openstack-security] [openstack/neutron] SecurityImpact review request change I3c66e92cbe8883dcad843ad243388def3a96dbe5
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Tue Apr 28 04:32:46 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/157097
Log:
commit 3d0770d1eae500093ba86931eadcd5493600db5e
Author: Juergen Brendel <jbrendel at cisco.com>
Date: Thu Feb 26 13:51:04 2015 +1300
ARP spoofing patch: Data structures for rules.
ARP cache poisoning is not actually prevented by the firewall
driver 'iptables_firewall'. We are adding the use of the ebtables
command - with a corresponding ebtables-driver - in order to create
Ethernet frame filtering rules, which prevent the sending of ARP
cache poisoning frames.
The complete patch is broken into smaller patch sets for easier review.
This patch set here includes the some classes for the maintenance of ebtable
chains and rules.
Note:
This commit is based greatly on an original, now abandoned patch,
presented for review here:
https://review.openstack.org/#/c/70067/
Full spec can be found here: https://review.openstack.org/#/c/129090/
SecurityImpact
Change-Id: I3c66e92cbe8883dcad843ad243388def3a96dbe5
Implements: blueprint arp-spoof-patch-ebtables
Related-Bug: 1274034
Co-Authored-By: jbrendel <jbrendel at cisco.com>
More information about the Openstack-security
mailing list