On Fri, Apr 13, 2012 at 10:09 AM, Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> wrote:
This series of patches adds DHCP snooping support to libvirt's
nwfilter subsystem.
DHCP snooping detects DHCP leases obtained by a VM and automatically
adjusts the network traffic filters to reflect the IP addresses
with which a VM may send its traffic, thus for example preventing
IP address spoofing.
Once leases on IP addresses expire or if a VM gives up on a
lease on an IP address, the filters are also adjusted.
All leases are persisted and automatically applied upon a VM's restart.
Leases are associated with the tuple of VM-UUID and interface MAC
address.
The following interface XML activates and uses the DHCP snooping:
<interface type='bridge'>
<source bridge='virbr0'/>
<filterref filter='clean-traffic'>
<parameter name='ip_learning' value='dhcp'/>
</filterref>
</interface>
Regards,
David and Stefan
Would libvirt (via the perl wrapper) be able to query the IP address information?
I am developing a light-weight web interface for managing several QEMU instances on my server (apache, mod_perl, Sys-Virt, libvirtd). I can get the MAC address of each VM from the XML file ($dom->get_xml_description, XML::Simple), but at the moment I do not have a clean way to get the corresponding IP address.
My system runs its own DHCP server and "arpwatch". I was considering trying to extract the MAC->IP mapping from those, but if QEMU/libvirtd itself knows the IP in use by the VM, then that would be fantastic.
I should mention that I'm using "br0", not "virbr0" style bridges. I don't know if that matters.
Thank you guys for your excellent work and your time. Libvirt and the wrapper APIs are incredibly useful.
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list