git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Stefan Berger <stefanb@linux.vnet.ibm.com>
	Fri, 1 Jun 2012 23:32:06 +0000 (19:32 -0400)
committer	Stefan Berger <stefanb@us.ibm.com>
	Fri, 1 Jun 2012 23:32:06 +0000 (19:32 -0400)
commit	cec281fcaace7e23c51a2da4659623afe7fd9ebb
tree	b495689a89620b61b40fe63e771dc33c027dbd13	tree
parent	195fa214b69779c12fd3587c708eaf6928cc3716	commit \| diff

nwfilter: add DHCP snooping

This patch adds DHCP snooping support to libvirt. The learning method for
IP addresses is specified by setting the "CTRL_IP_LEARNING" variable to one of
"any" [default] (existing IP learning code), "none" (static only addresses)
or "dhcp" (DHCP snooping).

Active leases are saved in a lease file and reloaded on restart or HUP.

The following interface XML activates and uses the DHCP snooping:

    <interface type='bridge'>
      <source bridge='virbr0'/>
      <filterref filter='clean-traffic'>
        <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
      </filterref>
    </interface>

All filters containing the variable 'IP' are automatically adjusted when
the VM receives an IP address via DHCP. However, multiple IP addresses per
interface are silently ignored in this patch, thus only supporting one IP
address per interface. Multiple IP address support is added in a later
patch in this series.

Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

docs/formatnwfilter.html.in		diff \| blob \| blame \| history
po/POTFILES.in		diff \| blob \| blame \| history
src/Makefile.am		diff \| blob \| blame \| history
src/conf/nwfilter_params.h		diff \| blob \| blame \| history
src/nwfilter/nwfilter_dhcpsnoop.c	[new file with mode: 0644]	blob
src/nwfilter/nwfilter_dhcpsnoop.h	[new file with mode: 0644]	blob
src/nwfilter/nwfilter_driver.c		diff \| blob \| blame \| history
src/nwfilter/nwfilter_gentech_driver.c		diff \| blob \| blame \| history