[RFC PATCHv2 0/9] DHCP snooping support for libvirt. | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
This series of patches adds DHCP snooping support to libvirt. This version saves leases on disk for restoration after a libvirtd restart and allows selection of different ip_learning methods by setting filter parameter "ip_learning" to one of "any" (existing IP learning code) "none" (static only addresses) or "DHCP" (DHCP Snooping). This code does not (yet) support passing lease information across a migration. A migrated guest requires a DHCP ACK (e.g., via ifdown/ifup on the guest) to send/receive traffic for DHCP-learned addresses after a migration. David L Stevens (9): support continue/return allow required ARP packets reverse sense of address matching make default chain policy "DROP" allow chain modification support addRules support variable value changing add DHCP snooping add leasefile support examples/xml/nwfilter/Makefile.am | 5 +- examples/xml/nwfilter/allow-arp.xml | 5 +- examples/xml/nwfilter/allow-arpip.xml | 3 + examples/xml/nwfilter/allow-arpmac.xml | 3 + examples/xml/nwfilter/clean-traffic.xml | 6 +- examples/xml/nwfilter/no-arp-spoofing.xml | 38 +- examples/xml/nwfilter/no-arpip-spoofing.xml | 10 + examples/xml/nwfilter/no-arpmac-spoofing.xml | 5 + examples/xml/nwfilter/no-ip-spoofing.xml | 9 +- examples/xml/nwfilter/no-mac-spoofing.xml | 10 +- examples/xml/nwfilter/no-other-l2-traffic.xml | 13 +- examples/xml/nwfilter/no-other-rarp-traffic.xml | 3 - examples/xml/nwfilter/qemu-announce-self.xml | 1 - src/Makefile.am | 2 + src/conf/nwfilter_conf.c | 12 +- src/conf/nwfilter_conf.h | 16 +- src/nwfilter/nwfilter_dhcpsnoop.c | 938 +++++++++++++++++++++++ src/nwfilter/nwfilter_dhcpsnoop.h | 36 + src/nwfilter/nwfilter_driver.c | 5 + src/nwfilter/nwfilter_ebiptables_driver.c | 225 +++++-- src/nwfilter/nwfilter_gentech_driver.c | 199 ++++- src/nwfilter/nwfilter_gentech_driver.h | 11 + 22 files changed, 1419 insertions(+), 136 deletions(-) create mode 100644 examples/xml/nwfilter/allow-arpip.xml create mode 100644 examples/xml/nwfilter/allow-arpmac.xml create mode 100644 examples/xml/nwfilter/no-arpip-spoofing.xml create mode 100644 examples/xml/nwfilter/no-arpmac-spoofing.xml delete mode 100644 examples/xml/nwfilter/no-other-rarp-traffic.xml create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.c create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.h -- 1.7.6.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
[Virt Tools] [Libvirt Users] [Fedora Users] [Fedora Legacy] [Fedora Maintainers] [Fedora Desktop] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools]
