[libvirt] [RFC PATCHv2 0/9] DHCP snooping support for libvirt.

David L Stevens dlstevens at us.ibm.com
Wed Oct 5 15:08:45 UTC 2011


This series of patches adds DHCP snooping support to libvirt. This version
saves leases on disk for restoration after a libvirtd restart and allows
selection of different ip_learning methods by setting filter parameter
"ip_learning" to one of "any" (existing IP learning code), "none" (static only
addresses), or "DHCP" (DHCP Snooping).

This code does not (yet) support passing lease information across a migration.
A migrated guest requires a DHCP ACK (e.g., via ifdown/ifup on the guest) to
send/receive traffic for DHCP-learned addresses after a migration.

David L Stevens (9):
  support continue/return
  allow required ARP packets
  reverse sense of address matching
  make default chain policy "DROP"
  allow chain modification
  support addRules
  support variable value changing
  add DHCP snooping
  add leasefile support

 examples/xml/nwfilter/Makefile.am               |    5 +-
 examples/xml/nwfilter/allow-arp.xml             |    5 +-
 examples/xml/nwfilter/allow-arpip.xml           |    3 +
 examples/xml/nwfilter/allow-arpmac.xml          |    3 +
 examples/xml/nwfilter/clean-traffic.xml         |    6 +-
 examples/xml/nwfilter/no-arp-spoofing.xml       |   38 +-
 examples/xml/nwfilter/no-arpip-spoofing.xml     |   10 +
 examples/xml/nwfilter/no-arpmac-spoofing.xml    |    5 +
 examples/xml/nwfilter/no-ip-spoofing.xml        |    9 +-
 examples/xml/nwfilter/no-mac-spoofing.xml       |   10 +-
 examples/xml/nwfilter/no-other-l2-traffic.xml   |   13 +-
 examples/xml/nwfilter/no-other-rarp-traffic.xml |    3 -
 examples/xml/nwfilter/qemu-announce-self.xml    |    1 -
 src/Makefile.am                                 |    2 +
 src/conf/nwfilter_conf.c                        |   12 +-
 src/conf/nwfilter_conf.h                        |   16 +-
 src/nwfilter/nwfilter_dhcpsnoop.c               |  938 +++++++++++++++++++++++
 src/nwfilter/nwfilter_dhcpsnoop.h               |   36 +
 src/nwfilter/nwfilter_driver.c                  |    5 +
 src/nwfilter/nwfilter_ebiptables_driver.c       |  225 +++++--
 src/nwfilter/nwfilter_gentech_driver.c          |  199 ++++-
 src/nwfilter/nwfilter_gentech_driver.h          |   11 +
 22 files changed, 1419 insertions(+), 136 deletions(-)
 create mode 100644 examples/xml/nwfilter/allow-arpip.xml
 create mode 100644 examples/xml/nwfilter/allow-arpmac.xml
 create mode 100644 examples/xml/nwfilter/no-arpip-spoofing.xml
 create mode 100644 examples/xml/nwfilter/no-arpmac-spoofing.xml
 delete mode 100644 examples/xml/nwfilter/no-other-rarp-traffic.xml
 create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.c
 create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.h

-- 
1.7.6.4



