[libvirt] [PATCH] Log an error on attempts to add a NAT rule for non-IPv4 addresses

Laine Stump laine at laine.org
Wed Jan 5 17:01:57 UTC 2011


On 01/05/2011 11:28 AM, Eric Blake wrote:
> On 01/04/2011 11:14 PM, Laine Stump wrote:
>> Although the upper-layer code protected against it, it was possible to
>> call iptablesForwardMasquerade() with an IPv6 address and have it
>> attempt to add a rule to the MASQUERADE chain of ip6tables (which
>> doesn't exist).
>>
>> This patch changes that function to check the protocol of the given
>> address, generate an error log if it's not IPv4 (AF_INET), and finally
>> hardcodes all the family parameters sent down to lower-level functions.
> ACK.
>

Thanks, it's been pushed.




More information about the libvir-list mailing list