On Tue, Nov 20, 2018 at 04:05:43PM +0100, Marcin Mirecki wrote: > Hello, > > The network filters feature has an option of automatically detecting the IP > of a VM [1]. > Is it possible to retrieve this IP by any means? It is possibly visible in the live XML in the <filterref> XML as a parameter. > If not, would you considering adding such a feature? We should make it visible via the API for fetching guest IP addrs. The snooping code should be moved out of nwfilter and into the QEMU driver. The QEMU driver should simply update the nwfilter binding with the IP once it has snooped it. > It would be very useful for uses cases where there is no guest agent. NB, there are potentially trust issues when using a snooped IP addr. eg if snooping DHCP responses, a malicious guest could act as a DHCP server and send bogus responses. If snooping ARPs a malicious guest can send gratuituous ARPs. Thus for nwfilter we tend to recommend setting explicit IP addrs, or using filters that block guests from sending bogus DHCP response Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
