This series of patches adds DHCP snooping support to libvirt. This version saves leases on disk for restoration after a libvirtd restart and allows selection of different ip_learning methods by setting filter parameter "ip_learning" to one of "any" (existing IP learning code), "none" (static only addresses) or "DHCP" (DHCP Snooping).

This code does not (yet) support passing lease information across a migration. A migrated guest requires a DHCP ACK (e.g., via ifdown/ifup on the guest) to send/receive traffic for DHCP-learned addresses after a migration.

David L Stevens (9):
  support continue/return
  allow required ARP packets
  reverse sense of address matching
  make default chain policy "DROP"
  allow chain modification
  support addRules
  support variable value changing
  add DHCP snooping
  add leasefile support

 examples/xml/nwfilter/Makefile.am               |    5 +-
 examples/xml/nwfilter/allow-arp.xml             |    5 +-
 examples/xml/nwfilter/allow-arpip.xml           |    3 +
 examples/xml/nwfilter/allow-arpmac.xml          |    3 +
 examples/xml/nwfilter/clean-traffic.xml         |    6 +-
 examples/xml/nwfilter/no-arp-spoofing.xml       |   38 +-
 examples/xml/nwfilter/no-arpip-spoofing.xml     |   10 +
 examples/xml/nwfilter/no-arpmac-spoofing.xml    |    5 +
 examples/xml/nwfilter/no-ip-spoofing.xml        |    9 +-
 examples/xml/nwfilter/no-mac-spoofing.xml       |   10 +-
 examples/xml/nwfilter/no-other-l2-traffic.xml   |   13 +-
 examples/xml/nwfilter/no-other-rarp-traffic.xml |    3 -
 examples/xml/nwfilter/qemu-announce-self.xml    |    1 -
 src/Makefile.am                                 |    2 +
 src/conf/nwfilter_conf.c                        |   12 +-
 src/conf/nwfilter_conf.h                        |   16 +-
 src/nwfilter/nwfilter_dhcpsnoop.c               |  938 +++++++++++++++++++++++
 src/nwfilter/nwfilter_dhcpsnoop.h               |   36 +
 src/nwfilter/nwfilter_driver.c                  |    5 +
 src/nwfilter/nwfilter_ebiptables_driver.c       |  225 +++++--
 src/nwfilter/nwfilter_gentech_driver.c          |  199 ++++-
 src/nwfilter/nwfilter_gentech_driver.h          |   11 +
 22 files changed, 1419 insertions(+), 136 deletions(-)
 create mode 100644 examples/xml/nwfilter/allow-arpip.xml
 create mode 100644 examples/xml/nwfilter/allow-arpmac.xml
 create mode 100644 examples/xml/nwfilter/no-arpip-spoofing.xml
 create mode 100644 examples/xml/nwfilter/no-arpmac-spoofing.xml
 delete mode 100644 examples/xml/nwfilter/no-other-rarp-traffic.xml
 create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.c
 create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.h

--
1.7.6.4