openstack/neutron
Code Issues Proposed changes
OpenStack Networking (Neutron)
11,537 Commits 10 Branches 89 Tags 1,016 MiB
Python 99.7%
Shell 0.3%
bbca973986
Go to file
Kevin Benton bbca973986 Stop device_owner from being set to 'network:*' 
This patch adjusts the FieldCheck class in the policy engine to
allow a regex rule. It then leverages that to prevent users from
setting the device_owner field to anything that starts with
'network:' on networks which they do not own.

This policy adjustment is necessary because any ports with a
device_owner that starts with 'network:' will not have any security
group rules applied because it is assumed they are trusted network
devices (e.g. router ports, DHCP ports, etc). These security rules
include the anti-spoofing protection for DHCP, IPv6 ICMP messages,
and IP headers.

Without this policy adjustment, tenants can abuse this trust when
connected to a shared network with other tenants by setting their
VM port's device_owner field to 'network:<anything>' and hijack other
tenants' traffic via DHCP spoofing or MAC/IP spoofing.

Closes-Bug: #1489111
Change-Id: Ia64cf16142e0e4be44b5b0ed72c8e00792d770f9
2015-09-08 15:00:13 +00:00
bin Replace 'import json' with oslo_serialization 2015-08-11 06:05:37 -07:00
devstack Added initial devstack plugin 2015-08-20 18:27:56 +02:00
doc Merge "Remove implicit registration of *-aas service providers" 2015-09-05 04:50:27 +00:00
etc Stop device_owner from being set to 'network:*' 2015-09-08 15:00:13 +00:00
neutron Stop device_owner from being set to 'network:*' 2015-09-08 15:00:13 +00:00
rally-jobs Changes in rally-jobs/README.rst 2015-06-04 10:34:15 -04:00
tools Final decomposition of Cisco plugin 2015-09-05 04:59:08 +00:00
.coveragerc Update .coveragerc after the removal of Cisco Nexus monolithic plugin 2015-03-31 02:25:06 +00:00
.gitignore Remove quantum untracked files from .gitignore 2015-06-25 11:59:37 +00:00
.gitreview Fix .gitreview to not point at a branch 2015-08-17 13:51:51 -06:00
.mailmap Add mailmap entry 2014-05-16 13:40:04 -04:00
.pylintrc pylint: enable duplicate-key check 2015-06-04 13:10:44 +10:00
.testr.conf Workaround test stream corruption issue. 2015-09-05 04:19:40 +00:00
babel.cfg Use babel to generate translation file 2013-01-24 00:20:32 +08:00
CONTRIBUTING.rst Workflow documentation is now in infra-manual 2014-12-05 03:30:37 +00:00
HACKING.rst Python3: use six.iteritems() instead of dict.iteritems() 2015-06-01 23:13:42 +02:00
LICENSE Adding Apache Version 2.0 license file. This is the official license agreement under which Quantum code is available to 2011-08-08 12:31:04 -07:00
MANIFEST.in Rename Quantum to Neutron 2013-07-06 15:02:43 -04:00
openstack-common.conf Switch to the oslo_utils.fileutils 2015-07-15 08:09:26 +03:00
README.rst Update the URLs to the Cloud Admin Guide 2015-08-24 17:24:34 +02:00
requirements.txt Updated from global requirements 2015-09-04 23:06:43 +00:00
run_tests.sh Remove check for bash usage 2015-04-07 15:15:33 +00:00
setup.cfg Merge "Final decomposition of Cisco plugin" 2015-09-06 20:02:34 +00:00
setup.py Updated from global requirements 2015-07-18 16:06:06 +00:00
test-requirements.txt Updated from global requirements 2015-08-13 02:14:42 +00:00
TESTING.rst Add testing coverage .rst, missing test infrastructure to-dos 2015-08-10 20:37:23 -04:00
tox.ini Merge "Enable most unit tests for py34 job" 2015-09-04 20:55:18 +00:00

README.rst

Welcome!

You have come across a cloud computing network fabric controller. It has identified itself as "Neutron." It aims to tame your (cloud) networking!

External Resources:

The homepage for Neutron is: http://launchpad.net/neutron. Use this site for asking for help, and filing bugs. Code is available on git.openstack.org at <http://git.openstack.org/cgit/openstack/neutron>.

The latest and most in-depth documentation on how to use Neutron is available at: <http://docs.openstack.org>. This includes:

Neutron Administrator Guide

http://docs.openstack.org/admin-guide-cloud/networking.html

Networking Guide

http://docs.openstack.org/networking-guide/

Neutron API Reference:

http://docs.openstack.org/api/openstack-network/2.0/content/

Current Neutron developer documentation is available at:

http://wiki.openstack.org/NeutronDevelopment

For help on usage and hacking of Neutron, please send mail to <mailto:openstack-dev@lists.openstack.org>.

For information on how to contribute to Neutron, please see the contents of the CONTRIBUTING.rst file.