[libvirt] [PATCH 0/9] add DHCP snooping support to nwfilter
Eric Blake
eblake at redhat.com
Mon May 9 20:41:37 UTC 2011
On 05/09/2011 02:00 PM, David L Stevens wrote:
> The following series of patches replaces IP address learning in
> network filtering with DHCP snooping. The existing address learning capability
> does not provide security since it relies on addresses used in initial packets
> sent by the guest to determine an IP address. A spoofing guest can simply
> arrange to send packets using the target address early on.
> With DHCP snooping, only addresses acknowledged by a DHCP server can
> be used by the guest, and only for the given lease time if the address lease
> is not renewed.
> The patches also add support for multiple IP addresses per interface.
Can you configure your mailer to send related patches threaded to one
another (or at least all as a reply to the 0/9 cover-letter), rather
than starting an independent thread for each mail in the series? 'git
send-email' can do this. Also, some of your mails came through twice;
for example:
https://www.redhat.com/archives/libvir-list/2011-May/msg00437.html
https://www.redhat.com/archives/libvir-list/2011-May/msg00441.html
which has the tendency to cause review confusion.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20110509/4b204aaa/attachment-0001.sig>
More information about the libvir-list
mailing list