[libvirt] [PATCH V9 0/6] Add DHCP snooping support to nwfilter

dennis jenkins dennis.jenkins.75 at gmail.com
Fri Apr 13 17:54:35 UTC 2012


On Fri, Apr 13, 2012 at 10:09 AM, Stefan Berger
<stefanb at linux.vnet.ibm.com> wrote:

> This series of patches adds DHCP snooping support to libvirt's
> nwfilter subsystem.
>
> DHCP snooping detects DHCP leases obtained by a VM and automatically
> adjusts the network traffic filters to reflect the IP addresses
> with which a VM may send its traffic, thus for example preventing
> IP address spoofing.
> Once leases on IP addresses expire or if a VM gives up on a
> lease on an IP address, the filters are also adjusted.
> All leases are persisted and automatically applied upon a VM's restart.
> Leases are associated with the tuple of VM-UUID and interface MAC
> address.
>
> The following interface XML activates and uses the DHCP snooping:
>
>    <interface type='bridge'>
>      <source bridge='virbr0'/>
>      <filterref filter='clean-traffic'>
>        <parameter name='ip_learning' value='dhcp'/>
>      </filterref>
>    </interface>
>
>
> Regards,
>   David and Stefan
>


Would libvirt (via the perl wrapper) be able to query the IP address
information?

I am developing a light-weight web interface for managing several QEMU
instances on my server (apache, mod_perl, Sys-Virt, libvirtd).  I can get
the MAC address of each VM from the XML file ($dom->get_xml_description,
XML::Simple), but at the moment I do not have a clean way to get the
corresponding IP address.

My system runs its own DHCP server and "arpwatch".  I was considering
trying to extract the MAC->IP mapping from those, but if QEMU/libvirtd
itself knows the IP in use by the VM, then that would be fantastic.

I should mention that I'm using "br0", not "virbr0" style bridges.  I don't
know if that matters.

Thank you guys for your excellent work and your time.  Libvirt and the
wrapper APIs are incredibly useful.
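
Added example, not part of the original post or of libvirt's code: a Python sketch that reads a domain XML description (the same text `get_xml_description` returns) and reports, per interface, the MAC address and whether the `ip_learning='dhcp'` filterref parameter from the quoted cover letter is set. The sample XML, MAC addresses and the `audit_interfaces` name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the original post): one interface
# carries the filterref shown in the cover letter, the other has no filter.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>demo-vm</name>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:AA:BB:01'/>
      <source bridge='virbr0'/>
      <filterref filter='clean-traffic'>
        <parameter name='ip_learning' value='dhcp'/>
      </filterref>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:aa:bb:02'/>
      <source bridge='br0'/>
    </interface>
  </devices>
</domain>
"""


def audit_interfaces(domain_xml):
    """Return one record per <interface>: MAC, bridge, filter, snooping state."""
    report = []
    for iface in ET.fromstring(domain_xml).iterfind("./devices/interface"):
        mac = iface.find("mac")
        source = iface.find("source")
        fref = iface.find("filterref")
        # Collect the filterref parameters; empty when no filter is attached.
        params = {}
        if fref is not None:
            params = {p.get("name"): p.get("value")
                      for p in fref.iterfind("parameter")}
        report.append({
            # Normalise case so MACs compare equal to DHCP/arpwatch records.
            "mac": mac.get("address").lower() if mac is not None else None,
            "bridge": source.get("bridge") if source is not None else None,
            "filter": fref.get("filter") if fref is not None else None,
            "dhcp_snooping": params.get("ip_learning") == "dhcp",
        })
    return report


if __name__ == "__main__":
    for row in audit_interfaces(SAMPLE_DOMAIN_XML):
        print(row)
```

An interface reported with `filter` of `None` has no nwfilter attached, so nothing on the host restricts the source addresses it may use.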