[libvirt] [PATCH] nwfilter: Do not require DHCP requests to be broadcast

Remove the requirement that DHCP messages have to be broadcasted. --- src/nwfilter/nwfilter_ebiptables_driver.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -3245,9 +3245,8 @@ ebtablesApplyDHCPOnlyRules(const char *i virBufferAsprintf(&buf, CMD_DEF("$EBT -t nat -A %s" - " -s %s -d Broadcast " + " -s %s" " -p ipv4 --ip-protocol udp" - " --ip-src 0.0.0.0 --ip-dst 255.255.255.255" " --ip-sport 68 --ip-dport 67" " -j ACCEPT") CMD_SEPARATOR CMD_EXEC
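Review bot: The commit message says only that the broadcast requirement is removed, but the second deleted line in ebtablesApplyDHCPOnlyRules also drops `--ip-src 0.0.0.0`, so the rule now accepts UDP port 68 to 67 from the `-s %s` source MAC with any source IP as well as any destination MAC and IP. Please state that in the commit message together with the scenario that needs it, and add a short comment above the CMD_DEF explaining why neither address is constrained; if only the destination was meant to be relaxed, keep a source-address match.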

On 12/21/2011 08:19 AM, Stefan Berger wrote:
Remove the requirement that DHCP messages have to be broadcasted.
It might be worth listing more rationale, such as a scenario that fails without this patch.
--- src/nwfilter/nwfilter_ebiptables_driver.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -3245,9 +3245,8 @@ ebtablesApplyDHCPOnlyRules(const char *i
virBufferAsprintf(&buf, CMD_DEF("$EBT -t nat -A %s" - " -s %s -d Broadcast " + " -s %s" " -p ipv4 --ip-protocol udp" - " --ip-src 0.0.0.0 --ip-dst 255.255.255.255"
But assuming that it helped a real-life scenario, ACK.

--
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

On 12/21/2011 10:29 AM, Eric Blake wrote:
On 12/21/2011 08:19 AM, Stefan Berger wrote:
Remove the requirement that DHCP messages have to be broadcasted.
It might be worth listing more rationale, such as a scenario that fails without this patch.
DHCP requests are most often sent via broadcast but can be directed at a specific DHCP server. For example, 'dhclient' takes '-s <server>' as a command line parameter, thus allowing DHCP requests to be directed at a specific DHCP server. I'll add the above rationale to the commit message.

Stefan