[libvirt] [PATCH v2 2/2] bridge driver: don't masquerade local subnet broadcast/multicast packets
Laszlo Ersek
lersek at redhat.com
Tue Sep 24 18:19:57 UTC 2013
On 09/24/13 18:10, Brian J. Murrell wrote:
> On 13-09-23 02:27 PM, Laszlo Ersek wrote:
>>
>> If you disagree with this approach (that is: if you think that
>> "224.0.0.0/24" here is not gradual improvement but a step in the wrong
>> direction),
>
> Of course I'm not saying that. I think that's pretty clear. The only
> point we disagree on is the size of the network range, not the
> implementation of the feature so by definition of course your patch is a
> good initial improvement and should continue on that path.
>
> If somebody really needs to come along afterward as a separate effort
> and expand the range (or at least be able to leverage your work to do so
> in their own private builds) then that can happen.
Thanks, and that's really what I consider necessary.
We agree that the change is not big or hard. It's just that
- I can't convincingly argue the change in the commit message,
- security is in the picture (and I can't argue it isn't),
- hence I *really* don't want my S-o-b on the change.
I'm not opposing the change at all, I just don't want my name on it,
because I *can't prove* that it's secure. For the restrictive prefix I
have at least public references.
Thanks,
Laszlo
More information about the libvir-list
mailing list