nwfilter: adapt IP learning for broadcasted DHCP replies

Adapt the IP learning code to also accept broadcasted DHCP replies
This commit is contained in:
Stefan Berger 2012-08-30 14:29:51 -04:00 committed by Daniel Veillard
parent c828a746fa
commit 4021b85fce

View File

@ -414,9 +414,7 @@ learnIPAddressThread(void *arg)
req->status = EINVAL; req->status = EINVAL;
goto done; goto done;
} }
virBufferAsprintf(&buf, " ether dst %s" virBufferAsprintf(&buf, "src port 67 and dst port 68");
" and src port 67 and dst port 68",
macaddr);
break; break;
default: default:
if (techdriver->applyBasicRules(req->ifname, if (techdriver->applyBasicRules(req->ifname,
@ -424,7 +422,8 @@ learnIPAddressThread(void *arg)
req->status = EINVAL; req->status = EINVAL;
goto done; goto done;
} }
virBufferAsprintf(&buf, "ether host %s", macaddr); virBufferAsprintf(&buf, "ether host %s or ether dst ff:ff:ff:ff:ff:ff",
macaddr);
} }
if (virBufferError(&buf)) { if (virBufferError(&buf)) {
@ -529,7 +528,9 @@ learnIPAddressThread(void *arg)
} }
} }
} else if (virMacAddrCmpRaw(&req->macaddr, } else if (virMacAddrCmpRaw(&req->macaddr,
ether_hdr->ether_dhost) == 0) { ether_hdr->ether_dhost) == 0 ||
/* allow Broadcast replies from DHCP server */
virMacAddrIsBroadcastRaw(ether_hdr->ether_dhost)) {
/* packets to the VM */ /* packets to the VM */
if (etherType == ETHERTYPE_IP && if (etherType == ETHERTYPE_IP &&
(header.len >= ethHdrSize + (header.len >= ethHdrSize +