vmware-nsx

Go to file

Xuhan Peng b7b0c7dbcd Permit ICMPv6 RAs only from known routers

Currently ingress ICMPv6 RAs are permitted from any IPs by
default to allow VMs to accept ICMPv6 RA from provider network.
In this way, VM can accept RAs from attacker VM and configure
a network prefix specified by the attacher VM.

Remove permitting ICMPv6 RAs from any IPs and add security rule
to only permit ICMPv6 RA from:

1. If the port's subnet is configured with ipv6_ra_mode value
(i.e.value is slaac, dhcpv6-stateful, or dhcpv6-stateless), RA
is sending from dnsmasq controlled by OpenStack. In this case,
allow RA from the link local address of gateway port (if the
gateway port is created).

2. If the subnet's gateway port is not managed by OpenStack, allow
the ICMPv6 RA sent from the subnet gateway IP if it's a link local
address. The administrator needs to configure the gateway IP as
link local address in this case to make the RA rule work.

Change-Id: I1d5c7aaa8e4cf057204eb746c0faab2c70409a94
Closes-Bug: 1262759

2014-04-02 16:24:17 +08:00

bin

Use oslo.rootwrap library instead of local copy

2014-02-07 10:58:27 +01:00

doc

API layer documentation

2014-03-13 00:43:07 -04:00

etc

Add enable_security_group to BigSwitch and OneConvergence ini files

2014-03-22 19:13:10 +09:00

neutron

Permit ICMPv6 RAs only from known routers

2014-04-02 16:24:17 +08:00

quantum

Re-assign quantum.api module as last operation

2013-07-15 22:51:28 +02:00

tools

Merge "Corrects broken format strings in check_i18n.py"

2014-01-07 14:11:59 +00:00

.coveragerc

fix some missing change from quantum to neutron

2013-07-08 12:11:04 +08:00

.gitignore

Updates .gitignore

2013-11-28 23:18:03 +08:00

.gitreview

Rename quantum to neutron in .gitreview.

2013-07-06 12:25:09 -04:00

.mailmap

mailmap: update .mailmap

2014-02-10 15:48:48 +09:00

.pylintrc

Rename Quantum to Neutron

2013-07-06 15:02:43 -04:00

.testr.conf

Add an explicit tox job for functional tests

2014-02-05 17:11:52 +00:00

babel.cfg

Use babel to generate translation file

2013-01-24 00:20:32 +08:00

HACKING.rst

Cleanup HACKING.rst

2013-11-11 10:32:34 -08:00

LICENSE

Adding Apache Version 2.0 license file. This is the official license agreement under which Quantum code is available to

2011-08-08 12:31:04 -07:00

MANIFEST.in

Rename Quantum to Neutron

2013-07-06 15:02:43 -04:00

openstack-common.conf

Merge "Remove dependent module py3kcompat"

2014-02-23 06:30:59 +00:00

README.rst

Rename Quantum to Neutron

2013-07-06 15:02:43 -04:00

requirements.txt

Updated from global requirements

2014-04-01 11:51:30 +00:00

run_tests.sh

Merge "Don't document non-existing flag '--hide-elapsed'"

2014-02-22 04:05:04 +00:00

setup.cfg

Open Juno development

2014-03-27 16:42:57 +01:00

setup.py

Updated from global requirements

2013-10-01 16:13:29 +00:00

test-requirements.txt

Bugfix and refactoring for ovs_lib flow methods

2014-03-14 15:23:19 +02:00

TESTING.rst

Developer documentation

2014-02-26 11:03:46 -05:00

tox.ini

add HEAD sentinel file that contains migration revision

2014-03-19 12:40:29 -04:00

README.rst

# -- Welcome!

You have come across a cloud computing network fabric controller. It has identified itself as "Neutron." It aims to tame your (cloud) networking!

# -- External Resources:

The homepage for Neutron is: http://launchpad.net/neutron . Use this site for asking for help, and filing bugs. Code is available on github at <http://github.com/openstack/neutron>.

The latest and most in-depth documentation on how to use Neutron is available at: <http://docs.openstack.org>. This includes:

Neutron Administrator Guide http://docs.openstack.org/trunk/openstack-network/admin/content/

Neutron API Reference: http://docs.openstack.org/api/openstack-network/2.0/content/

The start of some developer documentation is available at: http://wiki.openstack.org/NeutronDevelopment

For help using or hacking on Neutron, you can send mail to <mailto:openstack-dev@lists.openstack.org>.