This series of patches adds DHCP snooping support to libvirt. This version
saves leases on disk for restoration after a libvirtd restart and allows
selection of different ip_learning methods by setting filter parameter
"ip_learning" to one of "any" (existing IP learning code), "none" (static only
addresses) or "DHCP" (DHCP Snooping).
This code does not (yet) support passing lease information across a migration.
A migrated guest requires a DHCP ACK (e.g., via ifdown/ifup on the guest) to
send/receive traffic for DHCP-learned addresses after a migration.
Differences from v2: added support for multiple static IP addresses using
a comma-separated list.
David L Stevens (10):
support continue/return
allow required ARP packets
reverse sense of address matching
make default chain policy "DROP"
allow chain modification
support addRules
support variable value changing
add DHCP snooping
add leasefile support
support multiple static IP addresses
examples/xml/nwfilter/Makefile.am | 5 +-
examples/xml/nwfilter/allow-arp.xml | 5 +-
examples/xml/nwfilter/allow-arpip.xml | 3 +
examples/xml/nwfilter/allow-arpmac.xml | 3 +
examples/xml/nwfilter/clean-traffic.xml | 6 +-
examples/xml/nwfilter/no-arp-spoofing.xml | 38 +-
examples/xml/nwfilter/no-arpip-spoofing.xml | 10 +
examples/xml/nwfilter/no-arpmac-spoofing.xml | 5 +
examples/xml/nwfilter/no-ip-spoofing.xml | 9 +-
examples/xml/nwfilter/no-mac-spoofing.xml | 10 +-
examples/xml/nwfilter/no-other-l2-traffic.xml | 13 +-
examples/xml/nwfilter/no-other-rarp-traffic.xml | 3 -
examples/xml/nwfilter/qemu-announce-self.xml | 1 -
src/Makefile.am | 2 +
src/conf/nwfilter_conf.c | 12 +-
src/conf/nwfilter_conf.h | 16 +-
src/nwfilter/nwfilter_dhcpsnoop.c | 938 +++++++++++++++++++++++
src/nwfilter/nwfilter_dhcpsnoop.h | 36 +
src/nwfilter/nwfilter_driver.c | 5 +
src/nwfilter/nwfilter_ebiptables_driver.c | 225 +++++--
src/nwfilter/nwfilter_gentech_driver.c | 225 +++++-
src/nwfilter/nwfilter_gentech_driver.h | 11 +
22 files changed, 1445 insertions(+), 136 deletions(-)
create mode 100644 examples/xml/nwfilter/allow-arpip.xml
create mode 100644 examples/xml/nwfilter/allow-arpmac.xml
create mode 100644 examples/xml/nwfilter/no-arpip-spoofing.xml
create mode 100644 examples/xml/nwfilter/no-arpmac-spoofing.xml
delete mode 100644 examples/xml/nwfilter/no-other-rarp-traffic.xml
create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.c
create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.h
--
1.7.6.4