[libvirt] [libvirt PATCHv3 00/10] DHCP snooping support for libvirt

David L Stevens dlstevens at us.ibm.com
Wed Oct 12 19:50:11 UTC 2011


This series of patches adds DHCP snooping support to libvirt. This version
saves leases on disk for restoration after a libvirtd restart and allows
selection of different ip_learning methods by setting filter parameter
"ip_learning" to one of "any" (existing IP learning code), "none" (static
addresses only) or "DHCP" (DHCP Snooping).

This code does not (yet) support passing lease information across a migration.
A migrated guest requires a DHCP ACK (e.g., via ifdown/ifup on the guest) to
send/receive traffic for DHCP-learned addresses after a migration.

Differences from v2: added support for multiple static IP addresses using
                     a comma-separated list.

David L Stevens (10):
  support continue/return
  allow required ARP packets
  reverse sense of address matching
  make default chain policy "DROP"
  allow chain modification
  support addRules
  support variable value changing
  add DHCP snooping
  add leasefile support
  support multiple static IP addresses

 examples/xml/nwfilter/Makefile.am               |    5 +-
 examples/xml/nwfilter/allow-arp.xml             |    5 +-
 examples/xml/nwfilter/allow-arpip.xml           |    3 +
 examples/xml/nwfilter/allow-arpmac.xml          |    3 +
 examples/xml/nwfilter/clean-traffic.xml         |    6 +-
 examples/xml/nwfilter/no-arp-spoofing.xml       |   38 +-
 examples/xml/nwfilter/no-arpip-spoofing.xml     |   10 +
 examples/xml/nwfilter/no-arpmac-spoofing.xml    |    5 +
 examples/xml/nwfilter/no-ip-spoofing.xml        |    9 +-
 examples/xml/nwfilter/no-mac-spoofing.xml       |   10 +-
 examples/xml/nwfilter/no-other-l2-traffic.xml   |   13 +-
 examples/xml/nwfilter/no-other-rarp-traffic.xml |    3 -
 examples/xml/nwfilter/qemu-announce-self.xml    |    1 -
 src/Makefile.am                                 |    2 +
 src/conf/nwfilter_conf.c                        |   12 +-
 src/conf/nwfilter_conf.h                        |   16 +-
 src/nwfilter/nwfilter_dhcpsnoop.c               |  938 +++++++++++++++++++++++
 src/nwfilter/nwfilter_dhcpsnoop.h               |   36 +
 src/nwfilter/nwfilter_driver.c                  |    5 +
 src/nwfilter/nwfilter_ebiptables_driver.c       |  225 +++++--
 src/nwfilter/nwfilter_gentech_driver.c          |  225 +++++-
 src/nwfilter/nwfilter_gentech_driver.h          |   11 +
 22 files changed, 1445 insertions(+), 136 deletions(-)
 create mode 100644 examples/xml/nwfilter/allow-arpip.xml
 create mode 100644 examples/xml/nwfilter/allow-arpmac.xml
 create mode 100644 examples/xml/nwfilter/no-arpip-spoofing.xml
 create mode 100644 examples/xml/nwfilter/no-arpmac-spoofing.xml
 delete mode 100644 examples/xml/nwfilter/no-other-rarp-traffic.xml
 create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.c
 create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.h

-- 
1.7.6.4
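
An added example, not code from this patch series or from libvirt: a minimal C check of the kind a DHCP snooper applies before treating an address as learned, accepting only a well-formed DHCPACK (RFC 2131) and extracting the client MAC, leased IP and lease time. The struct and function names are hypothetical, the input is assumed to be the UDP payload of a server-to-client packet, and the sample reply is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical lease record for this example, not libvirt's own struct. */
struct snooped_lease { uint8_t mac[6], ip[4]; uint32_t lease_secs; };

/* Returns 1 and fills *out only for a well-formed DHCPACK (RFC 2131): a
 * BOOTREPLY on Ethernet with the DHCP magic cookie, message type 5 and a
 * non-zero yiaddr and lease time. Returns 0 for anything else. */
int snoop_dhcp_ack(const uint8_t *pkt, size_t len, struct snooped_lease *out)
{
    static const uint8_t cookie[4] = { 99, 130, 83, 99 };
    int msg_type = -1;
    uint32_t lease = 0;
    size_t i = 240;               /* 236-byte BOOTP header + magic cookie */
    if (len < 240 || pkt[0] != 2 || pkt[1] != 1 || pkt[2] != 6 ||
        memcmp(pkt + 236, cookie, 4) != 0)
        return 0;
    while (i < len && pkt[i] != 255) {          /* 255 = end option */
        const uint8_t *opt = pkt + i;
        if (opt[0] == 0) { i++; continue; }     /* pad: no length byte */
        if (i + 2 > len || i + 2 + opt[1] > len) return 0;  /* truncated */
        if (opt[0] == 53 && opt[1] == 1)        /* DHCP message type */
            msg_type = opt[2];
        else if (opt[0] == 51 && opt[1] == 4)   /* lease time in seconds */
            lease = ((uint32_t)opt[2] << 24) | ((uint32_t)opt[3] << 16) |
                    ((uint32_t)opt[4] << 8) | opt[5];
        i += 2 + (size_t)opt[1];
    }
    if (msg_type != 5 || lease == 0 ||          /* 5 = DHCPACK */
        !(pkt[16] | pkt[17] | pkt[18] | pkt[19]))
        return 0;
    memcpy(out->ip, pkt + 16, 4);               /* yiaddr */
    memcpy(out->mac, pkt + 28, 6);              /* chaddr */
    out->lease_secs = lease;
    return 1;
}

/* Constructed sample reply (not captured traffic); buf must hold 251 bytes. */
size_t build_sample_reply(uint8_t *buf, uint8_t msg_type)
{
    const uint8_t tail[] = { 99, 130, 83, 99, 53, 1, msg_type, 0,
                             51, 4, 0, 0, 14, 16, 255 };
    memset(buf, 0, 236);
    buf[0] = 2; buf[1] = 1; buf[2] = 6;         /* BOOTREPLY, Ethernet */
    memcpy(buf + 16, "\xc0\x00\x02\x0a", 4);    /* yiaddr 192.0.2.10 */
    memcpy(buf + 28, "\x52\x54\x00\x12\x34\x56", 6);
    memcpy(buf + 236, tail, sizeof tail);
    return 236 + sizeof tail;
}
```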



