Re: [PATCH V9 0/6] Add DHCP snooping support to nwfilter

On Fri, Apr 13, 2012 at 10:09 AM, Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> wrote:
> This series of patches adds DHCP snooping support to libvirt's
> nwfilter subsystem.
>
> DHCP snooping detects DHCP leases obtained by a VM and automatically
> adjusts the network traffic filters to reflect the IP addresses
> with which a VM may send its traffic, thus for example preventing
> IP address spoofing.
> Once leases on IP addresses expire or if a VM gives up on a
> lease on an IP address, the filters are also adjusted.
> All leases are persisted and automatically applied upon a VM's restart.
> Leases are associated with the tuple of VM-UUID and interface MAC
> address.
>
> The following interface XML activates and uses the DHCP snooping:
>
>    <interface type='bridge'>
>      <source bridge='virbr0'/>
>      <filterref filter='clean-traffic'>
>        <parameter name='ip_learning' value='dhcp'/>
>      </filterref>
>    </interface>
>
> Regards,
>   David and Stefan


Would libvirt (via the perl wrapper) be able to query the IP address information?

I am developing a light-weight web interface for managing several QEMU instances on my server (apache, mod_perl, Sys-Virt, libvirtd).  I can get the MAC address of each VM from the XML file ($dom->get_xml_description, XML::Simple), but at the moment I do not have a clean way to get the corresponding IP address.

My system runs its own DHCP server and "arpwatch".  I was considering trying to extract the MAC->IP mapping from those, but if QEMU/libvirtd itself knows the IP in use by the VM, then that would be fantastic.

I should mention that I'm using "br0", not "virbr0" style bridges.  I don't know if that matters.

Thank you guys for your excellent work and your time.  Libvirt and the wrapper APIs are incredibly useful.

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
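
An added example, not part of the original thread or of libvirt: a small offline audit that reads a domain XML description and reports, per interface, the (VM-UUID, MAC) tuple the cover letter says leases are keyed on and whether the filterref enables DHCP snooping. It assumes the parameter name `ip_learning` and value `dhcp` exactly as written in this V9 cover letter; the sample domain XML, its UUID, and its MAC addresses are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the thread): one interface uses the
# filterref shown in the cover letter, the other has no filter at all.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>demo-vm</name>
  <uuid>00000000-0000-0000-0000-000000000001</uuid>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:01'/>
      <source bridge='virbr0'/>
      <filterref filter='clean-traffic'>
        <parameter name='ip_learning' value='dhcp'/>
      </filterref>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:02'/>
      <source bridge='br0'/>
    </interface>
  </devices>
</domain>
"""

def audit_interfaces(domain_xml):
    """Return one dict per <interface>, keyed the way leases are: (uuid, mac)."""
    root = ET.fromstring(domain_xml)
    uuid = root.findtext("uuid")
    report = []
    for iface in root.iterfind("./devices/interface"):
        mac_el = iface.find("mac")
        src_el = iface.find("source")
        ref = iface.find("filterref")
        # Collect filterref parameters; an interface without a filterref has none.
        params = {}
        if ref is not None:
            params = {p.get("name"): p.get("value") for p in ref.iterfind("parameter")}
        mac = mac_el.get("address", "").lower() if mac_el is not None else None
        report.append({
            "lease_key": (uuid, mac),
            "bridge": src_el.get("bridge") if src_el is not None else None,
            "filter": ref.get("filter") if ref is not None else None,
            # Assumption: name/value as given in the V9 cover letter.
            "dhcp_snooping": params.get("ip_learning") == "dhcp",
        })
    return report

if __name__ == "__main__":
    for row in audit_interfaces(SAMPLE_DOMAIN_XML):
        print(row)
```

Interfaces reported with `dhcp_snooping` false and no filter are the ones whose source addresses are not constrained by the mechanism described in the cover letter.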
