On 12/08/2014 07:35 PM, Stefan Berger wrote: > Make use of the ebtables functionality to be able to filter certain > parameters of icmpv6 packets. Extend the XML parser for icmpv6 types, > type ranges, codes, and code ranges. Extend the nwfilter documentation, > schema, and test cases. > > Being able to filter icmpv6 types and codes helps extending the DHCP > snooper for IPv6 and filtering at least some parameters of IPv6's NDP > (Neighbor Discovery Protocol) packets. However, the filtering will not > be as good as the filtering of ARP packets since we cannot > check on IP addresses in the payload of the NDP packets. > > Signed-off-by: Stefan Berger stefanb@xxxxxxxxxxxxxxxxxx > --- > docs/formatnwfilter.html.in | 20 +++++++ > docs/schemas/nwfilter.rng | 26 +++++++++ > src/conf/nwfilter_conf.c | 26 +++++++++ > src/conf/nwfilter_conf.h | 4 ++ > src/nwfilter/nwfilter_ebiptables_driver.c | 80 ++++++++++++++++++++++++++ > tests/nwfilterxml2firewalldata/ipv6-linux.args | 16 ++++++ > tests/nwfilterxml2firewalldata/ipv6.xml | 38 ++++++++++++ > tests/nwfilterxml2xmlin/ipv6-test.xml | 38 ++++++++++++ > tests/nwfilterxml2xmlout/ipv6-test.xml | 12 ++++ > 9 files changed, 260 insertions(+) ACK Jan
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list