Re: [libvirt] [PATCH v3 0/4] don't masquerade local broadcast/multicast packets

On 09/24/13 02:03, Laszlo Ersek wrote:

> v2->v3 changes:
> - Rename iptables(Add|Remove)ForwardDontMasquerade to
>   iptables(Add|Remove)DontMasquerade [Laine].
> - Pass (address, prefix) pairs as both source and destination parameters
>   to these functions.
> - Introduce virPfxSocketAddr structure for simpler handling of said
>   (address, prefix) pairs.
> - Also prevent masquerading of directed broadcast [Laine].
> - Start to get serious about pointers-to-const.

OK, let me summarize the comments still standing:

For v2:
- Laine wants the functions added in patch #1 renamed.

For v3:

- Missing address family check for @dst in iptablesDontMasquerade() in
  patch #2 [Laine]

- Drop the sa_assert()s in networkFillMasqExceptions() in patch #4

- Drop the address-dependent broadcast rule in patch #4 [Laine] same

The address-dependent broadcast rule in patch #4 (that couldn't be
hard-coded) was the reason for all of the new code between v2 and v3. If
I drop that iptables rule, but keep the rest of v3, I'll be thrashing a
bunch of code around for no good reason.

I might as well fix up v2 as requested originally, and submit that as

What do you recommend? I think fixing up v2 with the renames is a better
approach. I'm fine either way, I'd just like to get this merged and stop
wasting the time of y'all.


