On 01/07/2015 10:54 AM, Ján Tomko wrote:
On 12/08/2014 07:35 PM, Stefan Berger wrote:
Make use of the ebtables functionality to be able to filter certain
parameters of icmpv6 packets. Extend the XML parser for icmpv6 types,
type ranges, codes, and code ranges. Extend the nwfilter documentation,
schema, and test cases.
Being able to filter icmpv6 types and codes helps extending the DHCP
snooper for IPv6 and filtering at least some parameters of IPv6's NDP
(Neighbor Discovery Protocol) packets. However, the filtering will not
be as good as the filtering of ARP packets since we cannot
check on IP addresses in the payload of the NDP packets.
Signed-off-by: Stefan Berger stefanb@xxxxxxxxxxxxxxxxxx
---
docs/formatnwfilter.html.in | 20 +++++++
docs/schemas/nwfilter.rng | 26 +++++++++
src/conf/nwfilter_conf.c | 26 +++++++++
src/conf/nwfilter_conf.h | 4 ++
src/nwfilter/nwfilter_ebiptables_driver.c | 80 ++++++++++++++++++++++++++
tests/nwfilterxml2firewalldata/ipv6-linux.args | 16 ++++++
tests/nwfilterxml2firewalldata/ipv6.xml | 38 ++++++++++++
tests/nwfilterxml2xmlin/ipv6-test.xml | 38 ++++++++++++
tests/nwfilterxml2xmlout/ipv6-test.xml | 12 ++++
9 files changed, 260 insertions(+)
ACK
Pushed with reference to version 1.2.11 updated to 1.2.12.
Stefan
Jan
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list