
On 6/10/20 12:14 AM, Laine Stump wrote:
On 6/9/20 12:17 PM, Daniel P. Berrangé wrote:
Now that we have support for IPv6 in the iptables helpers, and a new option in the XML schema, we can wire up support for it in the network driver.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/network/bridge_driver_linux.c | 23 +-
 .../nat-ipv6-masquerade-linux.args | 228 ++++++++++++++++++
 .../nat-ipv6-masquerade.xml | 17 ++
 tests/networkxml2firewalltest.c | 1 +
 4 files changed, 262 insertions(+), 7 deletions(-)
 create mode 100644 tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.args
 create mode 100644 tests/networkxml2firewalldata/nat-ipv6-masquerade.xml
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c index b0bd207250..fcb3803965 100644 --- a/src/network/bridge_driver_linux.c +++ b/src/network/bridge_driver_linux.c @@ -307,7 +307,8 @@ int networkCheckRouteCollision(virNetworkDefPtr def) return ret; } -static const char networkLocalMulticast[] = "224.0.0.0/24"; +static const char networkLocalMulticastIPv4[] = "224.0.0.0/24"; +static const char networkLocalMulticastIPv6[] = "ffx2::/16";
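Review bot: the new constant networkLocalMulticastIPv6 in the hunk at @@ -307,7 +307,8 @@ is set to "ffx2::/16", and "x" is not a hexadecimal digit, so the string is not a parseable IPv6 prefix. It reaches ip6tables unchanged as the --destination argument and the rule insertion fails with "host/network `ffx2::' not found", which stops the network from starting. Use a literal prefix here ("ff02::/16", as the thread settles on), make the same change in tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.args so the expected arguments match, and add a short comment on the constant saying which multicast scope it is meant to cover, since the test only compares argument strings and does not catch an address that ip6tables rejects.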
Once I got everything built and tried starting a network with ipv6 nat, I got this error message:
virsh net-start ipv6
error: Failed to start network ipv6
error: COMMAND_FAILED: '/usr/sbin/ip6tables -w10 -w --table nat --insert LIBVIRT_PRT --source 2001:4978:2ac:5::/80 --destination ffx2::/16 --jump RETURN' failed: ip6tables v1.8.3 (legacy): host/network `ffx2::' not found
Try `ip6tables -h' or 'ip6tables --help' for more information.
Do we need to do something different for multicast traffic in the case of IPv6?
Other than that it all looks good, so
Reviewed-by: Laine Stump <laine@redhat.com>
once the problem with multicast ffx2::/16 as the destination of a rule is resolved.
Based on discussion on IRC, apparently the "x" in "ffx2" in the standards docs is intended to mean "any value for this digit", but so far only "ff02" is assigned/used, so we're in agreement that we should just change ffx2 (both here and in the test results file) to ff02.