[libvirt] [PATCH] Add V6LOCAL parameter to nwfilter rules.

Eric Blake eblake at redhat.com
Wed Apr 2 19:56:59 UTC 2014


On 04/02/2014 01:40 PM, Brian Rak wrote:
> Currently, adding any sort of IPv6 nwfilter rules is rather difficult.  There are no standard rules,

Long lines; we tend to keep commit messages wrapped around 72 columns or
so ('git log' adds indentation, and commits start to look stupid in the
terminal if they wrap while reading 'git log').

> and you end up doing a lot of things by hand.  This patch makes the $V6LOCAL variable available within
> rules.  This is generated from the interface's mac address using the modified EUI-64 format, which
> matches what the guest should be using.

An example in the commit message of what the variable expands to would
be nice.

> 
> This is part of what information is needed to correctly filter guest IPv6 traffic.  Since this changes
> with the MAC address, it is significantly easier if libvirt populates it (rather then requring the

s/requring/requiring/

> user to enter it)
> 
> ---
>  docs/formatnwfilter.html.in            |    9 ++++++---
>  src/conf/nwfilter_params.h             |    1 +
>  src/nwfilter/nwfilter_gentech_driver.c |   23 +++++++++++++++++++++++
>  3 files changed, 30 insertions(+), 3 deletions(-)
>  mode change 100644 => 100755 src/nwfilter/nwfilter_gentech_driver.c
> 
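
Review bot: the diffstat line `mode change 100644 => 100755 src/nwfilter/nwfilter_gentech_driver.c` marks a C source file as executable, which looks unintended for this change. Please drop the mode change from v2 so the file stays 100644.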

> @@ -251,6 +251,9 @@
>        parameter similar to the IP parameter above, it is discouraged
>        since libvirt knows what MAC address an interface will be using.
>        <br/><br/>
> +      <code>V6LOCAL</code> is the computed IPv6 link-local address.
> +      This is based on the MAC variable
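
Review bot: the added text says only that V6LOCAL "is based on the MAC variable" and does not name the derivation. Please state that it is the modified EUI-64 form described in the commit message, so that filter authors know a rule using it only matches a guest that actually forms its link-local address that way. The context lines above say whether supplying MAC by hand is advisable; the new paragraph should say the same for V6LOCAL.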

Also worth an example of what this will contain (such as
fe80::5254:00ff:fe1a:0a6d).  And definitely needs a "Since" tag (in the
appropriate <div> markup) mentioning this was added in 1.2.4.


> +
> +        virMacAddr parsedMac;
> +        if (virMacAddrParse(macaddr, &parsedMac) == 0)
> +        {

Style - this { belongs on the same line as the if.

> +            parsedMac.addr[0] ^= 2;
> +
> +            char euiMacAddr[26];
> +            snprintf(euiMacAddr, sizeof(euiMacAddr), "fe80::%x%x:%xff:fe%x:%x%x", parsedMac.addr[0], parsedMac.addr[1], parsedMac.addr[2],
> +                parsedMac.addr[3], parsedMac.addr[4], parsedMac.addr[5]);
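
Review bot: the `if (virMacAddrParse(macaddr, &parsedMac) == 0)` branch has no failure path in the lines shown, so a MAC that does not parse appears to leave V6LOCAL unset with no diagnostic; please report the error at this point. In the same block, `euiMacAddr[26]` is exactly the length of the fully padded string plus the terminating NUL, so size it from a named constant and check the snprintf return value. `parsedMac.addr[0] ^= 2` also deserves a comment saying it flips the universal/local bit for modified EUI-64, and `char euiMacAddr[26]` would read better declared at the top of the block rather than after a statement.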

Long line; please wrap to 80 columns.  You MEANT to use %02x; your code
misbehaves on zero bytes.  Why do you need to open-code the snprintf;
would it be any cleaner to just use functions from util/virsocketaddr.h
for formatting an IPv6 value that you construct from the MAC address?

The idea probably has merit, so I'm looking forward to v2.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
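
Added example (not part of the original message and not libvirt code): the padding problem raised above for the unpadded `%x` format, shown next to an address built as bytes and formatted with `inet_ntop()`. It uses plain POSIX calls rather than util/virsocketaddr.h; the function names and the sample MAC are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modified EUI-64: fe80::/64, U/L bit flipped, ff:fe inserted mid-MAC. */
static void mac_to_v6local(const uint8_t mac[6], struct in6_addr *out)
{
    const uint8_t a[16] = { 0xfe, 0x80, 0, 0, 0, 0, 0, 0,
                            (uint8_t)(mac[0] ^ 0x02), mac[1], mac[2], 0xff,
                            0xfe, mac[3], mac[4], mac[5] };
    memcpy(out->s6_addr, a, sizeof(a));
}

/* The quoted hunk's format string with unpadded %x, kept for comparison. */
static int format_unpadded(const uint8_t mac[6], char *buf, size_t len)
{
    return snprintf(buf, len, "fe80::%x%x:%xff:fe%x:%x%x", mac[0] ^ 0x02u,
                    (unsigned)mac[1], (unsigned)mac[2], (unsigned)mac[3],
                    (unsigned)mac[4], (unsigned)mac[5]);
}

/* Canonical text form via inet_ntop(); returns NULL on failure. */
static const char *format_v6local(const uint8_t mac[6], char *buf, size_t len)
{
    struct in6_addr addr;
    mac_to_v6local(mac, &addr);
    return inet_ntop(AF_INET6, &addr, buf, (socklen_t)len);
}

/* 1 if text parses to exactly the address derived from mac, else 0. */
static int text_matches_mac(const char *text, const uint8_t mac[6])
{
    struct in6_addr want, got;
    mac_to_v6local(mac, &want);
    return inet_pton(AF_INET6, text, &got) == 1 &&
           memcmp(&want, &got, sizeof(want)) == 0;
}

int main(void)
{
    const uint8_t mac[6] = { 0x52, 0x54, 0x00, 0x0c, 0x00, 0x05 }; /* constructed */
    char bad[INET6_ADDRSTRLEN], good[INET6_ADDRSTRLEN];
    format_unpadded(mac, bad, sizeof(bad));
    format_v6local(mac, good, sizeof(good));
    printf("%%x form:   %s (matches: %d)\n", bad, text_matches_mac(bad, mac));
    printf("inet_ntop: %s (matches: %d)\n", good, text_matches_mac(good, mac));
    return 0;
}
```

For this MAC the unpadded string still parses as an IPv6 address, only not the one the guest derives, so a filter rule built from it would compare against the wrong address without any parse error.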
