[libvirt] [PATCH v2] nwfilter: Discard class D and E IP addresses when sniffing packets
V2: Corrected comment and simplified mask to check for class D and E IP addresses When sniffing the network traffic, discard class D and E IP addresses when sniffing traffic. This was a reason why filters were not correctly rebuilt on VMs on the local 192.* network when libvirt was restarted and those VMs did not use a DHCP request to get its IP address. Signed-off-by: Stefan Berger<stefanb@us.ibm.com> --- src/nwfilter/nwfilter_learnipaddr.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) Index: libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_learnipaddr.c +++ libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c @@ -546,9 +546,11 @@ learnIPAddressThread(void *arg) struct iphdr *iphdr = (struct iphdr*)(packet + ethHdrSize); vmaddr = iphdr->saddr; - // skip eth. bcast and mcast addresses, - // and zero address in DHCP Requests - if ((ntohl(vmaddr)& 0xc0000000) || vmaddr == 0) { + // skip mcast addresses (224.0.0.0 - 239.255.255.255), + // class E (240.0.0.0 - 255.255.255.255, includes eth. + // bcast) and zero address in DHCP Requests + if ( (ntohl(vmaddr)& 0xe0000000) == 0xe0000000 || + vmaddr == 0) { vmaddr = 0; continue; }
On 08/13/2010 02:15 PM, Stefan Berger wrote:
V2: Corrected comment and simplified mask to check for class D and E IP addresses
When sniffing the network traffic, discard class D and E IP addresses when sniffing traffic. This was a reason why filters were not correctly rebuilt on VMs on the local 192.* network when libvirt was restarted and those VMs did not use a DHCP request to get its IP address.
- // skip eth. bcast and mcast addresses, - // and zero address in DHCP Requests - if ((ntohl(vmaddr)& 0xc0000000) || vmaddr == 0) { + // skip mcast addresses (224.0.0.0 - 239.255.255.255), + // class E (240.0.0.0 - 255.255.255.255, includes eth. + // bcast) and zero address in DHCP Requests + if ( (ntohl(vmaddr)& 0xe0000000) == 0xe0000000 || ^^ [stupid thunderbird bug - why does it reformat quoted text for no reason?]
+ vmaddr == 0) {
ACK; looks better. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org
Stefan Berger IBM T. J. Watson Research Center, Hawthorne, NY, USA tel#: +1 914 784 7767 , fax#: +1 914 784 6225 e-mail: stefanb@us.ibm.com libvir-list-bounces@redhat.com wrote on 08/13/2010 04:21:45 PM:
[image removed]
Re: [libvirt] [PATCH v2] nwfilter: Discard class D and E IP addresses when sniffing packets
Eric Blake
to:
Stefan Berger
08/13/2010 04:36 PM
Sent by:
libvir-list-bounces@redhat.com
Cc:
libvir-list
On 08/13/2010 02:15 PM, Stefan Berger wrote:
V2: Corrected comment and simplified mask to check for class D and E IP addresses
When sniffing the network traffic, discard class D and E IP addresses when sniffing traffic. This was a reason why filters were not correctly rebuilt on VMs on the local 192.* network when libvirt was restarted and those VMs did not use a DHCP request to get its IP address.
- // skip eth. bcast and mcast addresses, - // and zero address in DHCP Requests - if ((ntohl(vmaddr)& 0xc0000000) || vmaddr == 0) { + // skip mcast addresses (224.0.0.0 - 239.255.255.255), + // class E (240.0.0.0 - 255.255.255.255, includes eth. + // bcast) and zero address in DHCP Requests + if ( (ntohl(vmaddr)& 0xe0000000) == 0xe0000000 || ^^ [stupid thunderbird bug - why does it reformat quoted text for no reason?]
Wow, yes, that's not how I posted it. Could have also done something like (ntohl(vmaddr) >> 29) == 7, but what we have is easier to understand...
+ vmaddr == 0) {
ACK; looks better.
Pushed. Stefan
participants (3)
-
Eric Blake -
Stefan Berger -
Stefan Berger