<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 04/18/2012 04:54 PM, dennis jenkins wrote:
<blockquote
cite="mid:CAAEzAp-TYrM+rRbMXde8Pf6tEBb330_N9r7VORmw5i635TTswg@mail.gmail.com"
type="cite">
<div class="gmail_quote">On Tue, Apr 17, 2012 at 6:57 PM, Stefan
Berger <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:stefanb@linux.vnet.ibm.com">stefanb@linux.vnet.ibm.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<br>
Let me know when you tested it. I have pretty high confidence
in the correctness of the code now :-)<br>
<br>
Regards,<br>
Stefan<br>
<br>
</blockquote>
</div>
<br>
<br>
Short version:<br>
<br>
I got an error "internal error IP parameter must be provided
since snooping the IP address does not work possibly due to
missing tools". Off the top of my head, I don't know what I'm
missing, but I'm probably at fault for it.<br>
<br>
Gory details:<br>
<br>
First, I had a devil of a time getting libvirt to install on my
Gentoo system from the git repository. I don't know if my method
is causing the error message that I will outline below.<br>
<br>
I install libvirt (0.9.11?) from your git sources (checked out less
than one hour ago) directly on top of my existing Gentoo libvirt
install (0.9.10-r4). I wanted to keep the Gentoo init scripts.
Some of the older "0.9.10" ".so" files are lying around, but they
are not in use and can (hopefully) be ignored.<br>
<br>
This was my procedure:<br>
1) emerge =libvirt-0.9.10-r4<br>
2) cd /usr/src<br>
3) git clone git://<a moz-do-not-send="true"
href="http://libvirt.org/libvirt.git">libvirt.org/libvirt.git</a>
libvirt<br>
4) cd ./libvirt<br>
5) ./autogen.sh<br>
6) ./configure --prefix=/usr<br>
7) make -j4<br>
8) ## Error about "libnl" not using a symbol (-Werror tripped me
up).<br>
9) ## (TL;DR - I forced Gentoo to update libnl to 1.1-r3)<br>
10) make -j4<br>
11) ## make backup of "/etc/libvirt", as "make install" will
clobber my config files.<br>
12) make install<br>
13) ## restore my "/etc/libvirt" on top of whatever "make install"
dropped there.<br>
14) /etc/init.d/libvirt restart<br>
15) virsh --version<br>
0.9.11<br>
16) virsh edit dwj-xp-msdev98<br>
Added XML to enable DHCP snooping. Result:<br>
<br>
<interface type='bridge'><br>
<mac address='82:00:00:00:00:09'/><br>
<source bridge='br0'/><br>
<filterref filter='clean-traffic'><br>
<parameter name='ip_learning' value='dhcp'/><br>
</filterref><br>
<address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/><br>
</interface><br>
<br>
17) virsh start dwj-xp-msdev98<br>
<br>
ostara libvirt # virsh start dwj-xp-msdev98<br>
error: Failed to start domain dwj-xp-msdev98<br>
error: internal error IP parameter must be provided since snooping
the IP address does not work possibly due to missing tools<br>
<br>
ostara libvirt # virsh start dwj-xp-vs10<br>
Domain dwj-xp-vs10 started<br>
<br>
So libvirt is still working for VMs that I've not reconfigured for
DHCP snooping yet.<br>
<br>
Please advise on what I'm missing.<br>
</blockquote>
<br>
<br>
The support for DHCP snooping has not been checked into the repository
yet. You would have to apply the patches from the ml.<br>
<br>
Otherwise what seems to be missing is the package providing the
ebtables tool.<br>
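<p>The failure above is a pre-flight condition: a clean-traffic filterref with no IP parameter can only be instantiated if the host has the tools the filter driver needs to learn and enforce the address. The following script is an added example, not code from the libvirt project or from either poster. It parses domain XML, and for each interface that references clean-traffic reports whether an explicit IP parameter is present or whether the start would fail with the "IP parameter must be provided" error because tools are missing. The tool list is an assumption for this example (the reply above names only ebtables; iptables and ip6tables are added as assumptions), the parameter name ip_learning is the one used in the message, and the sample XML is constructed from the interface shown above plus a second interface with a static IP.</p>

```python
"""Pre-flight check for libvirt 'clean-traffic' interfaces (added example).

For every <interface> that references the clean-traffic nwfilter, report
whether the filter can be instantiated: either an explicit IP parameter
is present, or the host has the tools that IP learning relies on.
"""
import shutil
import xml.etree.ElementTree as ET

# Tools the filter driver shells out to when it has to learn/enforce IPs.
# Assumed list: ebtables is named in the reply above; iptables/ip6tables
# are included as assumptions for this example.
REQUIRED_TOOLS = ("ebtables", "iptables", "ip6tables")


def find_missing_tools(which=shutil.which):
    """Names from REQUIRED_TOOLS that `which` cannot locate in PATH."""
    return [tool for tool in REQUIRED_TOOLS if which(tool) is None]


def check_interfaces(domain_xml, missing_tools):
    """Return one (mac, status, detail) tuple per <interface>.

    status is 'ok' (no filter, or a static IP parameter is given),
    'learn' (the IP will be learned at runtime) or 'error' (the domain
    start would fail with the 'IP parameter must be provided' error
    quoted in the message above).
    """
    root = ET.fromstring(domain_xml)
    report = []
    for iface in root.iter("interface"):
        mac_el = iface.find("mac")
        mac = mac_el.get("address") if mac_el is not None else "unknown"
        fref = iface.find("filterref")
        if fref is None or fref.get("filter") != "clean-traffic":
            report.append((mac, "ok", "no clean-traffic filter"))
            continue
        params = {p.get("name"): p.get("value")
                  for p in fref.findall("parameter")}
        if "IP" in params:
            report.append((mac, "ok", "static IP %s" % params["IP"]))
        elif missing_tools:
            report.append((mac, "error",
                           "no IP parameter and missing: "
                           + ", ".join(missing_tools)))
        else:
            # 'any' as the fallback learning mode is an assumption here.
            mode = params.get("ip_learning", "any")
            report.append((mac, "learn", "IP learning mode %s" % mode))
    return report


# Constructed sample: the interface from the message above, plus a second
# interface with a static IP parameter for contrast.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <devices>
    <interface type='bridge'>
      <mac address='82:00:00:00:00:09'/>
      <source bridge='br0'/>
      <filterref filter='clean-traffic'>
        <parameter name='ip_learning' value='dhcp'/>
      </filterref>
    </interface>
    <interface type='bridge'>
      <mac address='82:00:00:00:00:0a'/>
      <source bridge='br0'/>
      <filterref filter='clean-traffic'>
        <parameter name='IP' value='192.0.2.10'/>
      </filterref>
    </interface>
  </devices>
</domain>
"""

if __name__ == "__main__":
    missing = find_missing_tools()
    for mac, status, detail in check_interfaces(SAMPLE_DOMAIN_XML, missing):
        print("%s %-5s %s" % (mac, status, detail))
```

<p>Run it on the host before <code>virsh start</code>; an interface reported as 'error' is the case from the message above, and installing the missing package (or adding an IP parameter to the filterref) clears it.</p>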
<br>
<br>
<br>
<blockquote
cite="mid:CAAEzAp-TYrM+rRbMXde8Pf6tEBb330_N9r7VORmw5i635TTswg@mail.gmail.com"
type="cite">
<br>
ps- I've reached out to the maintainer for the Gentoo "libvirt"
ebuilds with a bug report on the building a proper libvirt from
git ("=app-emulation/libvirt-9999" in Gentoo speak).<br>
<br>
Additional info:<br>
<br>
My system has 2 physical NICs and one bridge.<br>
<ol>
<li>eth0 = internal LAN, default gateway for LAN.</li>
<li>eth1 = my public IP (off of residential DSL)</li>
<li>br0 = totally internal to my server. Not connected to
either eth0 or eth1. Used by QEMU to create "vnetNNN"
interfaces off of.</li>
</ol>
<p>I run a custom iptables ruleset to (very high level):<br>
</p>
<ol>
<li> NAT traffic from eth0, br0 out eth1</li>
<li>block br0 from initiating a connection into eth0</li>
<li>permit traffic from eth0 to go into systems on br0<br>
</li>
</ol>
I have a DHCP server running on the host, answering on eth0 and
br0.<br>
<br>
I'm _not_ using QEMU's built-in "nat" method for assigning a NIC
to a VM ("virbr0" or whatever).<br>
<br>
Is my setup compatible with DHCP snooping by libvirt?<br>
<br>
</blockquote>
<br>
It should be.<br>
<br>
<br>
Regards,<br>
Stefan<br>
<br>
</body>
</html>