[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] [OSSA-2021-004] Neutron: Linuxbridge ARP filter bypass on Netfilter platforms (CV
From:       Jeremy Stanley <fungi () yuggoth ! org>
Date:       2021-08-17 18:02:51
Message-ID: 20210817180250.qm2d6wicxwjif3jq () yuggoth ! org
[Download RAW message or body]


On 2021-08-17 19:30:21 +0200 (+0200), Jan Engelhardt wrote:
> 
> On Tuesday 2021-08-17 17:17, Jeremy Stanley wrote:
> >Description
> >~~~~~~~~~~~
> >Jake Yip with ARDC and Justin Mammarella with the University of
> >Melbourne reported a vulnerability in Neutron's linuxbridge driver
> >on newer Netfilter-based platforms (the successor to IPTables).
> 
> ip_tables is running atop the netfilter API, so.... it's
> not an ordered set with predecessors and successors.

Yes, thanks. It would have been more accurate to draw the comparison
between ebtables and ebtables-nft, which is where the underlying
problem arises. I was trying not to get too into the weeds with
technical detail for the general user audience, who may not be
particularly aware of the names for layer 2 filtering mechanisms,
but I agree this wording is also mildly misleading as a result.

Should I have said "Netfilter-based platforms (the successor to
legacy IPTables)" instead, to differentiate it from Netfilter-based
IPTables?
-- 
Jeremy Stanley

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]