Adapt the IP learning code to also accept broadcasted DHCP replies
---
src/nwfilter/nwfilter_learnipaddr.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_learnipaddr.c
+++ libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
@@ -414,9 +414,7 @@ learnIPAddressThread(void *arg)
req->status = EINVAL;
goto done;
}
- virBufferAsprintf(&buf, " ether dst %s"
- " and src port 67 and dst port 68",
- macaddr);
+ virBufferAsprintf(&buf, "src port 67 and dst port 68");
break;
default:
if (techdriver->applyBasicRules(req->ifname,
@@ -424,7 +422,8 @@ learnIPAddressThread(void *arg)
req->status = EINVAL;
goto done;
}
- virBufferAsprintf(&buf, "ether host %s", macaddr);
+ virBufferAsprintf(&buf, "ether host %s or ether dst ff:ff:ff:ff:ff:ff",
+ macaddr);
}
if (virBufferError(&buf)) {
@@ -529,7 +528,9 @@ learnIPAddressThread(void *arg)
}
}
} else if (virMacAddrCmpRaw(&req->macaddr,
- ether_hdr->ether_dhost) == 0) {
+ ether_hdr->ether_dhost) == 0 ||
+ /* allow Broadcast replies from DHCP server */
+ virMacAddrIsBroadcastRaw(ether_hdr->ether_dhost)) {
/* packets to the VM */
if (etherType == ETHERTYPE_IP &&
(header.len >= ethHdrSize +
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list