On 09/23/2013 08:01 PM, Laszlo Ersek wrote: > On 09/23/13 16:46, Laine Stump wrote: > >> 2) Along with 255.255.255.255/32, I think this patch can/should also add >> a "networkDirectedLocalBroadcast" (which will obviously need to be a >> local variable and recomputed each time). This can be computed by ORing >> the ip address of the network with ~netmask, then appending a 32 prefix. >> So for example, the directed broadcast for 192.168.122.1/24 would be >> 192.168.122.255/32. > I have just finished implementing and testing this. And now I realize > that such a rule is not necessary at all :) Yes, I'm embarrassed to say you are correct. Mixed up memories combined with reading through the BZ too quickly led me to the false recollection that even traffic that remained on the local subnet was being port-mapped. So you can just eliminate that part of the patch. > > Because, 192.168.122.255/32 actually *falls into* 192.168.122.0/24. > Hence, the masquerading rules, which are restricted to > > !192.168.122.0/24 > > destination addresses, *ignore* 192.168.122.255/32 anyway. > > 255.255.255.255/32 is tricky because it never falls into the bridge's > subnet numerically (consequently, it always matches the exclusive > constraint), and yet it must not be masqueraded. > > I'm posting the v3 series anyway. It shouldn't be hard to trim it down > for v4... > > Thanks, > Laszlo > . > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list