<div class="gmail_quote">On Tue, Apr 17, 2012 at 6:57 PM, Stefan Berger <<a href="mailto:stefanb@linux.vnet.ibm.com">stefanb@linux.vnet.ibm.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Let me know when you tested it. I have pretty high confidence in the correctness of the code now :-) Regards, Stefan </blockquote></div> Short version: I got an error "internal error IP parameter must be provided since snooping the IP address does not work possibly due to missing tools". Off the top of my head, I don't know what I'm missing, but I'm probably at fault for it. Gorey details: First, I had a devil of a time getting libvirt to install on my Gentoo system from the git repository. I don't know if my method is causing the error message that I will outline below. I install libvirt (0.9.11?) from your git sources (check out less than one hour ago) directly on top of my existing Gentoo libivrt install (0.9.10-r4). I wanted to keep the Gentoo init scripts. Some of the older "0.9.10" ".so" files are lying around, but they are not in use and can (hopefully) be ignored. This was my procedure: 1) emerge =libvirt-0.9.10-r4 2) cd /usr/src 3) git clone git://<a href="http://libvirt.org/libvirt.git">libvirt.org/libvirt.git</a> libvirt 4) cd ./libvirt 5) ./autogen.sh 6) ./configure --prefix=/usr 7) make -j4 8) ## Error about "libnl" not using a symbol (-Werror tripped me up). 9) ## (TL;DR - I forced Gentoo to update libnl to-1.1-r3) 10) make -j4 11) ## make backup of "/etc/libvirt", as "make install" will clobber my config files. 12) make install 13) ## restore my "/etc/libvirt" on top of whatever "make install" dropped there. 14) /etc/init.d/libvirt restart 15) virsh --version 0.9.11 16) virsh edit dwj-xp-msdev98 Added XML to enable DHCP snooping. Result: <interface type='bridge'> <mac address='82:00:00:00:00:09'/> <source bridge='br0'/> <filterref filter='clean-traffic'> <parameter name='ip_learning' value='dhcp'/> </filterref> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> 17) virsh start dwj-xp-msdev98 ostara libvirt # virsh start dwj-xp-msdev98 error: Failed to start domain dwj-xp-msdev98 error: internal error IP parameter must be provided since snooping the IP address does not work possibly due to missing tools ostara libvirt # virsh start dwj-xp-vs10 Domain dwj-xp-vs10 started So libvirt is still working for VMs that I've not reconfigured for DHCP snooping yet. Please advise on what I'm missing. ps- I've reached out to the maintainer for the Gentoo "libvirt" ebuilds with a bug report on the building a proper libvirt from git ("=app-emulation/libvirt-9999" in Gentoo speak). Additional info: My system has 2 physical NICs and one bridge. <ol><li>eth0 = internal LAN, default gateway for LAN.</li><li>eth1 = my public IP (off of residential DSL)</li><li>br0 = totally internal to my server. Not connected to either eth0 or eth1. Use by QEMU to create "vnetNNN" interfaces off of.</li> </ol>I run a custom iptables ruleset to (very high level): <ol><li> NAT traffic from eth0, br0 out eth1</li><li>block br0 from initiating a connection into eth0</li><li>permit traffic from eth0 to go into systems on br0 </li></ol>I have a DHCP server running on the host, answering on eth0 and br0. I'm _not_ using QEMU's built-in "nat" method for assigning a NIC to a VM ("virbr0" or whatever). Is my setup compatible with DHCP snooping by libvirt?