Re: [PATCH 9/9] add DHCP snooping support to nwfilter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, May 09, 2011 at 01:12:10PM -0700, David L Stevens wrote:
> This patch removes remaining pieces of IP address learning.

Do we actually want todo this ?  This is effectively causing a
regression in functionality for anyone who's relying on the
current IP learning support, but who does not use DHCP.

I'm inclined to say that we should have a configuration
parameter in /etc/libvirt/qemu.conf  (or /etc/libvirt/nwfilter.conf)
to specify the learning method, and perhaps to also specify
a particular DHCP server address (otherwise one guest could
run a malicious DHCP server and hand out addrs to other
guests). so perhaps:

   ip_learning="none|arp|dhcp"
   dhcp_server="192.2.2.43"

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]