[libvirt] [PATCH V10 0/7] Add DHCP snooping support to nwfilter
- From: Stefan Berger <stefanb linux vnet ibm com>
- To: stefanb linux vnet ibm com, libvir-list redhat com
- Subject: [libvirt] [PATCH V10 0/7] Add DHCP snooping support to nwfilter
- Date: Mon, 16 Apr 2012 11:08:13 -0400
This series of patches adds DHCP snooping support to libvirt's
nwfilter subsystem.

DHCP snooping detects DHCP leases obtained by a VM and automatically
adjusts the network traffic filters to reflect the IP addresses
with which a VM may send its traffic, thus for example preventing
IP address spoofing.

Once leases on IP addresses expire or if a VM gives up on a
lease on an IP address, the filters are also adjusted.

All leases are persisted and automatically applied upon a VM's restart.

Leases are associated with the tuple of VM-UUID and interface MAC
address.

The following interface XML activates and uses the DHCP snooping:

  <interface type='bridge'>
    <source bridge='virbr0'/>
    <filterref filter='clean-traffic'>
      <parameter name='ip_learning' value='dhcp'/>
    </filterref>
  </interface>

Once an IP address has been detected on an interface, 'virsh dumpxml <vm>'
would show the IP address lease in the format <IP address>,<lease timeout
in seconds>:

  <interface type='bridge'>
    <source bridge='virbr0'/>
    <filterref filter='clean-traffic'>
      <parameter name='ip_learning' value='dhcp'/>
      <parameter name='IP_LEASE' value='192.168.122.210,180'/>
    </filterref>
  </interface>

Regards,
David and Stefan
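
Added example, not part of the original posting or of the patch series: a Python audit sketch that reads domain XML in the form shown above and reports, per interface, whether a filter is attached, whether DHCP snooping is enabled, and which IP_LEASE values are present. The sample XML, its MAC addresses, the state names and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of `virsh dumpxml` output; MAC addresses are made up.
SAMPLE = """<domain type='kvm'><devices>
  <interface type='bridge'>
    <mac address='52:54:00:00:00:01'/><source bridge='virbr0'/>
    <filterref filter='clean-traffic'>
      <parameter name='ip_learning' value='dhcp'/>
      <parameter name='IP_LEASE' value='192.168.122.210,180'/>
    </filterref>
  </interface>
  <interface type='bridge'>
    <mac address='52:54:00:00:00:02'/><source bridge='virbr0'/>
    <filterref filter='clean-traffic'><parameter name='ip_learning' value='dhcp'/></filterref>
  </interface>
  <interface type='bridge'><mac address='52:54:00:00:00:03'/><source bridge='virbr0'/></interface>
</devices></domain>"""

def parse_lease(value):
    """Validate '<IP address>,<lease timeout in seconds>'; ValueError if malformed."""
    ip_text, _, timeout_text = value.partition(",")
    timeout = int(timeout_text)
    if timeout < 0:
        raise ValueError("negative lease timeout: %r" % value)
    return str(ipaddress.ip_address(ip_text.strip())), timeout

def audit_interfaces(domain_xml):
    """Classify each interface by filter and DHCP-snooping state."""
    report = []
    for iface in ET.fromstring(domain_xml).iter("interface"):
        mac = iface.find("mac")
        ref = iface.find("filterref")
        params = [] if ref is None else [
            (p.get("name"), p.get("value")) for p in ref.findall("parameter")]
        leases = [parse_lease(v) for n, v in params if n == "IP_LEASE"]
        if ref is None:
            state = "unfiltered"            # no filterref: source IP is not restricted
        elif ("ip_learning", "dhcp") not in params:
            state = "no-dhcp-snooping"
        elif leases:
            state = "lease-learned"
        else:
            state = "awaiting-lease"        # snooping on, no lease detected yet
        report.append((mac.get("address") if mac is not None else None, state, leases))
    return report

if __name__ == "__main__":
    print(*audit_interfaces(SAMPLE), sep="\n")
```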