3:15 p.m.
V2: Corrected comment and simplified mask to check for class D and E
IP addresses
When sniffing the network traffic, discard class D and E IP addresses
when sniffing traffic. This was a reason why filters were not correctly
rebuilt on VMs on the local 192.* network when libvirt was restarted and
those VMs did not use a DHCP request to get its IP address.
Signed-off-by: Stefan Berger<stefanb(a)us.ibm.com>
---
src/nwfilter/nwfilter_learnipaddr.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_learnipaddr.c
+++ libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
@@ -546,9 +546,11 @@ learnIPAddressThread(void *arg)
struct iphdr *iphdr = (struct iphdr*)(packet +
ethHdrSize);
vmaddr = iphdr->saddr;
- // skip eth. bcast and mcast addresses,
- // and zero address in DHCP Requests
- if ((ntohl(vmaddr)& 0xc0000000) || vmaddr == 0) {
+ // skip mcast addresses (224.0.0.0 - 239.255.255.255),
+ // class E (240.0.0.0 - 255.255.255.255, includes eth.
+ // bcast) and zero address in DHCP Requests
+ if ( (ntohl(vmaddr)& 0xe0000000) == 0xe0000000 ||
+ vmaddr == 0) {
vmaddr = 0;
continue;
}
3:21 p.m.
On 08/13/2010 02:15 PM, Stefan Berger wrote:
V2: Corrected comment and simplified mask to check for class D and E
IP
addresses
When sniffing the network traffic, discard class D and E IP addresses
when sniffing traffic. This was a reason why filters were not correctly
rebuilt on VMs on the local 192.* network when libvirt was restarted and
those VMs did not use a DHCP request to get its IP address.
- // skip eth. bcast and mcast addresses,
- // and zero address in DHCP Requests
- if ((ntohl(vmaddr)& 0xc0000000) || vmaddr == 0) {
+ // skip mcast addresses (224.0.0.0 - 239.255.255.255),
+ // class E (240.0.0.0 - 255.255.255.255, includes eth.
+ // bcast) and zero address in DHCP Requests
+ if ( (ntohl(vmaddr)& 0xe0000000) == 0xe0000000 ||
^^
[stupid thunderbird bug - why does it reformat quoted text for no reason?]
+ vmaddr == 0) {
ACK; looks better.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
3:44 p.m.
Stefan Berger
IBM T. J. Watson Research Center,
Hawthorne, NY, USA
tel#: +1 914 784 7767 ,
fax#: +1 914 784 6225
e-mail: stefanb(a)us.ibm.com
libvir-list-bounces(a)redhat.com wrote on 08/13/2010 04:21:45 PM:
[image removed]
Re: [libvirt] [PATCH v2] nwfilter: Discard class D and E IP
addresses when sniffing packets
Eric Blake
to:
Stefan Berger
08/13/2010 04:36 PM
Sent by:
libvir-list-bounces(a)redhat.com
Cc:
libvir-list
On 08/13/2010 02:15 PM, Stefan Berger wrote:
> V2: Corrected comment and simplified mask to check for class D and E
IP
> addresses
>
> When sniffing the network traffic, discard class D and E IP addresses
> when sniffing traffic. This was a reason why filters were not
correctly
> rebuilt on VMs on the local 192.* network when libvirt was
restarted
and
> those VMs did not use a DHCP request to get its IP address.
>
> - // skip eth. bcast and mcast addresses,
> - // and zero address in DHCP Requests
> - if ((ntohl(vmaddr)& 0xc0000000) || vmaddr == 0)
{
> + // skip mcast addresses (224.0.0.0 -
239.255.255.255),
> + // class E (240.0.0.0 - 255.255.255.255,
includes
eth.
> + // bcast) and zero address in DHCP
Requests
> + if ( (ntohl(vmaddr)& 0xe0000000) == 0xe0000000
||
^^
[stupid thunderbird bug - why does it reformat quoted text for no
reason?]
Wow, yes, that's not how I posted it.
Could have also done something like (ntohl(vmaddr) >> 29) == 7, but what
we have is easier to understand...
> + vmaddr == 0) {
ACK; looks better.
Pushed.
Stefan
5269
days inactive
5269
days old
2 comments
3 participants
participants (3)
-
Eric Blake -
Stefan Berger -
Stefan Berger