David Stevens/Beaverton/IBM@IBMUS wrote on 05/09/2011 04:04:47 PM:
> diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c > index c5705c1..df1a012 100644 > --- a/src/conf/nwfilter_conf.c > +++ b/src/conf/nwfilter_conf.c > @@ -82,7 +82,9 @@ VIR_ENUM_IMPL(virNWFilterEbtablesTable, > VIR_NWFILTER_EBTABLES_TABLE_LAST, > > VIR_ENUM_IMPL(virNWFilterChainSuffix, VIR_NWFILTER_CHAINSUFFIX_LAST, > "root", > - "arp", > + "mac", > + "arpmac", > + "arpip", > "rarp", > "ipv4", > "ipv6"); The mac chain is there for supporting multiple MAC addresses per interface. What is the use case for having multiple MAC address on an interface and how do I set this up in a Linux guest for example? I am not sure whether we should remove a chain, i.e., the 'arp' chain here. Adding is ok. Maybe the existing chain 'arp' could be doing one part and 'arpmac' the other ? > diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h > index ef60b6b..4d60751 100644 > --- a/src/conf/nwfilter_conf.h > +++ b/src/conf/nwfilter_conf.h > @@ -425,7 +425,9 @@ struct _virNWFilterEntry { > > enum virNWFilterChainSuffixType { > VIR_NWFILTER_CHAINSUFFIX_ROOT = 0, > - VIR_NWFILTER_CHAINSUFFIX_ARP, > + VIR_NWFILTER_CHAINSUFFIX_MAC, > + VIR_NWFILTER_CHAINSUFFIX_ARPMAC, > + VIR_NWFILTER_CHAINSUFFIX_ARPIP, > VIR_NWFILTER_CHAINSUFFIX_RARP, > VIR_NWFILTER_CHAINSUFFIX_IPv4, > VIR_NWFILTER_CHAINSUFFIX_IPv6, > diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/ > nwfilter/nwfilter_ebiptables_driver.c > index 39bd4a5..fa6f719 100644 > --- a/src/nwfilter/nwfilter_ebiptables_driver.c > +++ b/src/nwfilter/nwfilter_ebiptables_driver.c > @@ -129,20 +129,24 @@ struct ushort_map { > > > enum l3_proto_idx { > - L3_PROTO_IPV4_IDX = 0, > - L3_PROTO_IPV6_IDX, > - L3_PROTO_ARP_IDX, > + L3_PROTO_MAC_IDX = 0, > + L3_PROTO_ARPMAC_IDX, > + L3_PROTO_ARPIP_IDX, > L3_PROTO_RARP_IDX, > + L3_PROTO_IPV4_IDX, > + L3_PROTO_IPV6_IDX, > L3_PROTO_LAST_IDX > }; > > #define USHORTMAP_ENTRY_IDX(IDX, ATT, VAL) [IDX] = { .attr = ATT, > .val = VAL } > > static const struct ushort_map l3_protocols[] = { > - USHORTMAP_ENTRY_IDX(L3_PROTO_IPV4_IDX, ETHERTYPE_IP , "ipv4"), > - USHORTMAP_ENTRY_IDX(L3_PROTO_IPV6_IDX, ETHERTYPE_IPV6 , "ipv6"), > - USHORTMAP_ENTRY_IDX(L3_PROTO_ARP_IDX , ETHERTYPE_ARP , "arp"), > - USHORTMAP_ENTRY_IDX(L3_PROTO_RARP_IDX, ETHERTYPE_REVARP, "rarp"), > + USHORTMAP_ENTRY_IDX(L3_PROTO_MAC_IDX, 0 , "mac"), > + USHORTMAP_ENTRY_IDX(L3_PROTO_IPV4_IDX, ETHERTYPE_IP , "ipv4"), > + USHORTMAP_ENTRY_IDX(L3_PROTO_IPV6_IDX, ETHERTYPE_IPV6 , "ipv6"), > + USHORTMAP_ENTRY_IDX(L3_PROTO_ARPMAC_IDX,ETHERTYPE_ARP , "arpmac"), > + USHORTMAP_ENTRY_IDX(L3_PROTO_ARPIP_IDX, ETHERTYPE_ARP , "arpip"), > + USHORTMAP_ENTRY_IDX(L3_PROTO_RARP_IDX, ETHERTYPE_REVARP, "rarp"), > USHORTMAP_ENTRY_IDX(L3_PROTO_LAST_IDX, 0 , NULL), > }; > Can you run a VM and do a 'ebtables -t nat -L' and post the output. I'd be curious how the chains look like now with the 'clean-traffic' filter without having to apply the patches and test them. Regards, Stefan
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list