This series of patches adds DHCP snooping support to libvirt. This version
saves leases on disk for restoration after a libvirtd restart and allows
selection of different ip_learning methods by setting filter parameter
"ip_learning" to one of "any" (existing IP learning code), "none" (static only
addresses) or "DHCP" (DHCP Snooping).

This code does not (yet) support passing lease information across a migration.
A migrated guest requires a DHCP ACK (e.g., via ifdown/ifup on the guest) to
send/receive traffic for DHCP-learned addresses after a migration.

David L Stevens (9):
  support continue/return
  allow required ARP packets
  reverse sense of address matching
  make default chain policy "DROP"
  allow chain modification
  support addRules
  support variable value changing
  add DHCP snooping
  add leasefile support

examples/xml/nwfilter/Makefile.am | 5 +-
examples/xml/nwfilter/allow-arp.xml | 5 +-
examples/xml/nwfilter/allow-arpip.xml | 3 +
examples/xml/nwfilter/allow-arpmac.xml | 3 +
examples/xml/nwfilter/clean-traffic.xml | 6 +-
examples/xml/nwfilter/no-arp-spoofing.xml | 38 +-
examples/xml/nwfilter/no-arpip-spoofing.xml | 10 +
examples/xml/nwfilter/no-arpmac-spoofing.xml | 5 +
examples/xml/nwfilter/no-ip-spoofing.xml | 9 +-
examples/xml/nwfilter/no-mac-spoofing.xml | 10 +-
examples/xml/nwfilter/no-other-l2-traffic.xml | 13 +-
examples/xml/nwfilter/no-other-rarp-traffic.xml | 3 -
examples/xml/nwfilter/qemu-announce-self.xml | 1 -
src/Makefile.am | 2 +
src/conf/nwfilter_conf.c | 12 +-
src/conf/nwfilter_conf.h | 16 +-
src/nwfilter/nwfilter_dhcpsnoop.c | 938 +++++++++++++++++++++++
src/nwfilter/nwfilter_dhcpsnoop.h | 36 +
src/nwfilter/nwfilter_driver.c | 5 +
src/nwfilter/nwfilter_ebiptables_driver.c | 225 +++++--
src/nwfilter/nwfilter_gentech_driver.c | 199 ++++-
src/nwfilter/nwfilter_gentech_driver.h | 11 +
22 files changed, 1419 insertions(+), 136 deletions(-)
create mode 100644 examples/xml/nwfilter/allow-arpip.xml
create mode 100644 examples/xml/nwfilter/allow-arpmac.xml
create mode 100644 examples/xml/nwfilter/no-arpip-spoofing.xml
create mode 100644 examples/xml/nwfilter/no-arpmac-spoofing.xml
delete mode 100644 examples/xml/nwfilter/no-other-rarp-traffic.xml
create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.c
create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.h
--
1.7.6.4