[libvirt] [PATCH v2 2/2] bridge driver: don't masquerade local subnet broadcast/multicast packets
Laszlo Ersek
lersek at redhat.com
Tue Sep 24 00:01:38 UTC 2013

On 09/23/13 16:46, Laine Stump wrote:

> 2) Along with 255.255.255.255/32, I think this patch can/should also add
> a "networkDirectedLocalBroadcast" (which will obviously need to be a
> local variable and recomputed each time). This can be computed by ORing
> the ip address of the network with ~netmask, then appending a 32 prefix.
> So for example, the directed broadcast for 192.168.122.1/24 would be
> 192.168.122.255/32.

I have just finished implementing and testing this. And now I realize
that such a rule is not necessary at all :)

Because, 192.168.122.255/32 actually *falls into* 192.168.122.0/24.
Hence, the masquerading rules, which are restricted to

  !192.168.122.0/24

destination addresses, *ignore* 192.168.122.255/32 anyway.

255.255.255.255/32 is tricky because it never falls into the bridge's
subnet numerically (consequently, it always matches the exclusive
constraint), and yet it must not be masqueraded.

I'm posting the v3 series anyway. It shouldn't be hard to trim it down
for v4...

Thanks,
Laszlo
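
Added example, not part of the original message or of the libvirt patch: a small C check of the arithmetic discussed in this message, showing which broadcast destination a rule limited to destinations outside the bridge subnet still matches. The function names and the `IP4` macro are hypothetical; the only value taken from the message is 192.168.122.1/24.

```c
#include <stdint.h>
#include <stdio.h>

/* Build a host-order IPv4 address from dotted-quad parts (hypothetical helper). */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Netmask for a prefix length of 0..32 (shifting a 32-bit value by 32 is undefined). */
static uint32_t prefix_to_mask(unsigned prefix)
{
    return prefix == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix);
}

/* Directed broadcast as described in the quoted text: address OR ~netmask. */
uint32_t directed_broadcast(uint32_t addr, unsigned prefix)
{
    return addr | ~prefix_to_mask(prefix);
}

/* Nonzero if a rule restricted to destinations outside net/prefix
 * (the "!192.168.122.0/24" constraint) would still match dst. */
int masquerade_matches(uint32_t dst, uint32_t net, unsigned prefix)
{
    uint32_t mask = prefix_to_mask(prefix);
    return (dst & mask) != (net & mask);
}

static void report(const char *label, uint32_t dst, uint32_t net, unsigned prefix)
{
    printf("%-18s %u.%u.%u.%u -> %s\n", label,
           (unsigned)(dst >> 24), (unsigned)((dst >> 16) & 0xFF),
           (unsigned)((dst >> 8) & 0xFF), (unsigned)(dst & 0xFF),
           masquerade_matches(dst, net, prefix)
               ? "matched, needs its own exemption"
               : "already excluded by the subnet constraint");
}

int main(void)
{
    uint32_t net = IP4(192, 168, 122, 1);   /* bridge address from the message */
    unsigned prefix = 24;

    report("directed broadcast", directed_broadcast(net, prefix), net, prefix);
    report("limited broadcast", IP4(255, 255, 255, 255), net, prefix);
    return 0;
}
```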