OpenStack Networking (Neutron)
LIU Yulong 00298fe6e8 [Security] fix allowed-address-pair 0.0.0.0/0 issue
When adding allowed-address-pair 0.0.0.0/0 to one port, it will
unexpectedly open all others' protocol under same security
group. IPv6 has the same problem.

The root cause is the openflow rules calculation of the
security group, it will unexpectedly allow all IP(4&6)
traffic to get through.

For openvswitch openflow firewall, this patch adds a source
mac address match for the allowed-address-pair which has
prefix length 0, that means all ethernet packets from this
mac will be accepted. It exactly will meet the request of
accepting any IP address from the configured VM.

Test result shows that the remote security group and
allowed address pair works:
1. Port has 0.0.0.0/0 allowed-address-pair could send any
   IP (src) packet out.
2. Port has x.x.x.x/y allowed-address-pair could be accepted
   for those VMs under same security group.
3. Ports under same network can reach each other (remote
   security group).
4. Protocol port number could be accessed only when there
   has related rule.

Closes-bug: #1867119
Change-Id: I2e3aa7c400d7bb17cc117b65faaa160b41013dde
2020-03-21 17:54:34 +08:00
api-ref Fix some typos 2016-06-28 22:46:19 +02:00
devstack Merge "[OVN] Switch release jobs to OVN 20.03 (v20.03.0 tag)" 2020-03-17 20:30:17 +00:00
doc [ovn] Documentation: Fix broken links in the OVN Doc 2020-03-20 15:53:57 +01:00
etc Drop invalid rootwrap filters 2020-02-21 13:21:20 +02:00
neutron [Security] fix allowed-address-pair 0.0.0.0/0 issue 2020-03-21 17:54:34 +08:00
playbooks Merge "Disable not needed services in grenade jobs" 2020-01-22 17:07:14 +00:00
rally-jobs Rally task definition for port binding scenario 2019-07-08 13:25:46 +02:00
releasenotes Reno only - Make stateless allocation segment aware 2020-03-19 23:40:33 +00:00
roles Add MariaDB 10.3 repository for Ubuntu Bionic 2020-01-16 10:05:36 +00:00
tools [OVN] Updates to tools/migrate_names.txt 2020-03-10 22:15:44 +00:00
vagrant/ovn [OVN] Merge networking-ovn vagrant into neutron 2020-02-18 17:26:15 -05:00
zuul.d Merge "Run fullstack security group test always serially" 2020-03-21 08:49:15 +00:00
.coveragerc Cleanup coverage configuration 2016-10-17 17:06:19 +05:30
.gitignore Add etc/neutron/*.sample files to be ignored by git 2019-12-12 12:38:24 +01:00
.gitreview OpenDev Migration Patch 2019-04-19 19:38:27 +00:00
.mailmap Add mailmap entry 2014-05-16 13:40:04 -04:00
.pylintrc Fix pylint R1717 (consider-using-dict-comprehension) refactor messages 2019-03-14 23:19:58 +00:00
.stestr.conf Fix post gate hook to accommodate for new os-testr 2017-09-12 14:20:12 -06:00
CONTRIBUTING.rst [Community goal] Add contributor and PTL guide 2020-03-03 04:43:26 +01:00
HACKING.rst Remove references to unittest2 library 2020-01-14 09:03:26 +00:00
LICENSE Adding Apache Version 2.0 license file. This is the official license agreement under which Quantum code is available to 2011-08-08 12:31:04 -07:00
README.rst Start README.rst with a better title 2019-11-19 17:42:57 +01:00
TESTING.rst Update TOX_ENV_SRC_MODULES example 2019-12-18 11:37:38 -05:00
babel.cfg Use babel to generate translation file 2013-01-24 00:20:32 +08:00
bindep.txt Merge "Stop testing python 2" 2019-10-28 00:52:16 +00:00
lower-constraints.txt Bump neutron-lib to 2.2.0 2020-03-10 14:14:15 +00:00
requirements.txt Bump neutron-lib to 2.2.0 2020-03-10 14:14:15 +00:00
setup.cfg Merge "[OVN] Migrate the OVN tools" 2020-02-03 18:27:24 +00:00
setup.py Updated from global requirements 2017-03-04 11:19:58 +00:00
test-requirements.txt Fix pep8 errors found by hacking 2.0.0 2019-12-13 16:41:27 -05:00
tox.ini Run fullstack security group test always serially 2020-03-03 15:18:18 +01:00

README.rst

OpenStack Neutron

Neutron is an OpenStack project to provide "network connectivity as a service" between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., Nova).

To learn more about neutron:

Get in touch via email. Use [Neutron] in your subject.

To learn how to contribute, please read the CONTRIBUTING.rst file.