On 05/10/2011 05:28 AM, Daniel P. Berrange wrote:
On Mon, May 09, 2011 at 01:12:10PM -0700, David L Stevens wrote:
> This patch removes remaining pieces of IP address learning.
Do we actually want todo this ? This is effectively causing a
regression in functionality for anyone who's relying on the
current IP learning support, but who does not use DHCP.
I'm inclined to say that we should have a configuration
parameter in /etc/libvirt/qemu.conf (or /etc/libvirt/nwfilter.conf)
to specify the learning method, and perhaps to also specify
a particular DHCP server address (otherwise one guest could
run a malicious DHCP server and hand out addrs to other
guests). so perhaps:
ip_learning="none|arp|dhcp"
dhcp_server="192.2.2.43"
You'd need a trusted dhcp_server for
every possible VLAN (802.1Q)...
Stefan