[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 9/9] add DHCP snooping support to nwfilter

From: "Daniel P. Berrange" <berrange redhat com>
To: David L Stevens <dlstevens us ibm com>
Cc: libvirt-list redhat com
Subject: Re: [libvirt] [PATCH 9/9] add DHCP snooping support to nwfilter
Date: Tue, 10 May 2011 10:28:25 +0100

On Mon, May 09, 2011 at 01:12:10PM -0700, David L Stevens wrote:
> This patch removes remaining pieces of IP address learning.

Do we actually want todo this ?  This is effectively causing a
regression in functionality for anyone who's relying on the
current IP learning support, but who does not use DHCP.

I'm inclined to say that we should have a configuration
parameter in /etc/libvirt/qemu.conf  (or /etc/libvirt/nwfilter.conf)
to specify the learning method, and perhaps to also specify
a particular DHCP server address (otherwise one guest could
run a malicious DHCP server and hand out addrs to other
guests). so perhaps:

   ip_learning="none|arp|dhcp"
   dhcp_server="192.2.2.43"

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

Follow-Ups:
- Re: [libvirt] [PATCH 9/9] add DHCP snooping support to nwfilter
  - From: David Stevens
- Re: [libvirt] [PATCH 9/9] add DHCP snooping support to nwfilter
  - From: Stefan Berger

References:
- [libvirt] [PATCH 9/9] add DHCP snooping support to nwfilter
  - From: David L Stevens

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]