On 05/09/2011 02:00 PM, David L Stevens wrote:
> The following series of patches replaces IP address learning in
> network filtering with DHCP snooping. The existing address learning capability
> does not provide security since it relies on addresses used in initial packets
> sent by the guest to determine an IP address. A spoofing guest can simply
> arrange to send packets using the target address early on.
>
> With DHCP snooping, only addresses acknowledged by a DHCP server can
> be used by the guest, and only for the given lease time if the address lease
> is not renewed.
>
> The patches also add support for multiple IP addresses per interface.

Can you configure your mailer to send related patches threaded to one
another (or at least all as a reply to the 0/9 cover-letter), rather
than starting an independent thread for each mail in the series? 'git
send-email' can do this. Also, some of your mails came through twice;
for example:
https://www.redhat.com/archives/libvir-list/2011-May/msg00437.html
https://www.redhat.com/archives/libvir-list/2011-May/msg00441.html
which has the tendency to cause review confusion.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library
http://libvirt.org
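
The difference the quoted cover letter draws between first-packet address learning and DHCP snooping, as an added sketch that is not part of the original mails or of libvirt's code. The class names, the interface name `vnet0` and the 192.0.2.x addresses are constructed for illustration, and the DHCP ACK is assumed to have been parsed and attributed to the server already.

```python
# Added illustration; names, interface and 192.0.2.x addresses are constructed.

class FirstPacketLearning:
    """Address learning as the cover letter describes it: the source IP of
    the first packet seen on an interface becomes that interface's address."""
    def __init__(self):
        self.learned = {}                      # ifname -> learned IP

    def allow(self, ifname, src_ip):
        self.learned.setdefault(ifname, src_ip)
        return self.learned[ifname] == src_ip


class DhcpSnooping:
    """Only addresses seen in a DHCP server's ACK are allowed, per interface,
    and only until the lease runs out unless a later ACK renews it."""
    def __init__(self):
        self.leases = {}                       # ifname -> {ip: expiry time}

    def on_dhcp_ack(self, ifname, yiaddr, lease_secs, now):
        # Assumes the ACK was already parsed and verified as server-originated.
        self.leases.setdefault(ifname, {})[yiaddr] = now + lease_secs

    def allow(self, ifname, src_ip, now):
        table = self.leases.get(ifname, {})
        for ip in [ip for ip, expiry in table.items() if expiry <= now]:
            del table[ip]                      # drop expired leases
        return src_ip in table


def demo():
    victim, leased, second = "192.0.2.10", "192.0.2.20", "192.0.2.21"
    old, new = FirstPacketLearning(), DhcpSnooping()
    results = {"old_accepts_spoof": old.allow("vnet0", victim)}
    results["snoop_rejects_before_ack"] = not new.allow("vnet0", victim, now=0)
    new.on_dhcp_ack("vnet0", leased, lease_secs=60, now=0)
    new.on_dhcp_ack("vnet0", second, lease_secs=120, now=30)  # second address
    results["snoop_accepts_leased"] = new.allow("vnet0", leased, now=30)
    results["snoop_rejects_spoof"] = not new.allow("vnet0", victim, now=30)
    results["lease_expired"] = not new.allow("vnet0", leased, now=61)
    results["second_still_valid"] = new.allow("vnet0", second, now=61)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```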