v2->v4 changes (v3 went in a different direction):
- Rename iptables(Add|Remove)ForwardDontMasquerade to
iptables(Add|Remove)DontMasquerade [Laine].
Masquerading local broadcast breaks DHCP replies for some clients.
There has been a report about broken local multicast too.
(See references in the patches.)
Testing:
Chain POSTROUTING (policy ACCEPT 2 packets, 134 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  *      *       192.168.122.0/24     224.0.0.0/24
    0     0 RETURN     all  --  *      *       192.168.122.0/24     255.255.255.255
    0     0 MASQUERADE tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
    0     0 MASQUERADE udp  --  *      *       192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
    0     0 MASQUERADE all  --  *      *       192.168.122.0/24    !192.168.122.0/24
+ make check, make syntax-check, virsh net-start / net-destroy.
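As an added illustration (not part of this series or of libvirt), the following check parses a POSTROUTING listing of the shape shown above, assumed to come from `iptables -t nat -L POSTROUTING -n -v`, and reports which of the two "don't masquerade" destinations (224.0.0.0/24 and 255.255.255.255) lack a RETURN rule placed before the first MASQUERADE rule for the guest subnet; the sample listing is constructed from the output quoted in this cover letter.

```python
"""Verify that local broadcast/multicast RETURN rules precede MASQUERADE
for a libvirt NAT network subnet in the POSTROUTING chain."""

# Constructed sample, mirroring the listing in the cover letter
# (assumed to be `iptables -t nat -L POSTROUTING -n -v` output).
SAMPLE = """\
Chain POSTROUTING (policy ACCEPT 2 packets, 134 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  *      *       192.168.122.0/24     224.0.0.0/24
    0     0 RETURN     all  --  *      *       192.168.122.0/24     255.255.255.255
    0     0 MASQUERADE tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
    0     0 MASQUERADE udp  --  *      *       192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
    0     0 MASQUERADE all  --  *      *       192.168.122.0/24    !192.168.122.0/24
"""

# Link-local multicast and limited broadcast must never be masqueraded,
# otherwise DHCP replies (and local multicast) break for guests.
NO_MASQ = ("224.0.0.0/24", "255.255.255.255")


def parse_rules(listing):
    """Return (target, proto, source, destination) for each rule line,
    skipping the chain header and the column header."""
    rules = []
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) < 9 or not parts[0].isdigit():
            continue
        _pkts, _bytes, target, proto, _opt, _in, _out, src, dst = parts[:9]
        rules.append((target, proto, src, dst))
    return rules


def check_dont_masquerade(listing, subnet):
    """Return the NO_MASQ destinations that are NOT protected by a RETURN
    rule appearing before the first MASQUERADE rule for `subnet`."""
    protected = set()
    for target, _proto, src, dst in parse_rules(listing):
        if src != subnet:
            continue
        if target == "RETURN" and dst in NO_MASQ:
            protected.add(dst)
        elif target == "MASQUERADE":
            break  # rule order matters: later RETURNs come too late
    return [d for d in NO_MASQ if d not in protected]


if __name__ == "__main__":
    missing = check_dont_masquerade(SAMPLE, "192.168.122.0/24")
    print("missing RETURN rules:", missing or "none")
```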
Laszlo Ersek (2):
  util/viriptables: add/remove rules that short-circuit masquerading
  bridge driver: don't masquerade local subnet broadcast/multicast packets

 src/util/viriptables.h            |  8 ++++
 src/network/bridge_driver_linux.c | 70 +++++++++++++++++++++++++++++--
 src/util/viriptables.c            | 88 +++++++++++++++++++++++++++++++++++++++
 src/libvirt_private.syms          |  2 +
 4 files changed, 164 insertions(+), 4 deletions(-)
--
1.8.3.1