[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 0/9] add DHCP snooping support to nwfilter



On 05/09/2011 02:00 PM, David L Stevens wrote:
> 	The following series of patches replaces IP address learning in
> network filtering with DHCP snooping. The existing address learning capability 
> does not provide security since it relies on addresses used in initial packets
> sent by the guest to determine an IP address. A spoofing guest can simply
> arrange to send packets using the target address early on.
> 	With DHCP snooping, only addresses acknowledged by a DHCP server can
> be used by the guest, and only for the given lease time if the address lease
> is not renewed.
> 	The patches also add support for multiple IP addresses per interface.

Can you configure your mailer to send related patches threaded to one
another (or at least all as a reply to the 0/9 cover-letter), rather
than starting an independent thread for each mail in the series?  'git
send-email' can do this.  Also, some of your mails came through twice;
for example:

https://www.redhat.com/archives/libvir-list/2011-May/msg00437.html
https://www.redhat.com/archives/libvir-list/2011-May/msg00441.html

which has the tendency to cause review confusion.

-- 
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]