nwfilter: Add ARP src/dst IP mask for ebtables ARP
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=862887 Add a netmask for the source and destination IP address for the ebtables --arp-ip-src and --arp-ip-dst options. Extend the XML parser with support for XML attributes for these netmasks similar to already supported netmasks. Extend the documentation. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
parent
5a2b17beb8
commit
a81756f1ff
@ -989,11 +989,21 @@
|
||||
<td>IP_ADDR</td>
|
||||
<td>Source IP address in ARP/RARP packet</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>arpsrcipmask <span class="since">(Since 1.2.3)</span></td>
|
||||
<td>IP_MASK</td>
|
||||
<td>Source IP mask</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>arpdstipaddr</td>
|
||||
<td>IP_ADDR</td>
|
||||
<td>Destination IP address in ARP/RARP packet</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>arpdstipmask <span class="since">(Since 1.2.3)</span></td>
|
||||
<td>IP_MASK</td>
|
||||
<td>Destination IP mask</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>comment <span class="since">(Since 0.8.5)</span></td>
|
||||
<td>STRING</td>
|
||||
|
@ -173,7 +173,9 @@ static const char dstmacmask_str[] = "dstmacmask";
|
||||
static const char arpsrcmacaddr_str[] = "arpsrcmacaddr";
|
||||
static const char arpdstmacaddr_str[] = "arpdstmacaddr";
|
||||
static const char arpsrcipaddr_str[] = "arpsrcipaddr";
|
||||
static const char arpsrcipmask_str[] = "arpsrcipmask";
|
||||
static const char arpdstipaddr_str[] = "arpdstipaddr";
|
||||
static const char arpdstipmask_str[] = "arpdstipmask";
|
||||
static const char srcipaddr_str[] = "srcipaddr";
|
||||
static const char srcipmask_str[] = "srcipmask";
|
||||
static const char dstipaddr_str[] = "dstipaddr";
|
||||
@ -198,7 +200,9 @@ static const char ipsetflags_str[] = "ipsetflags";
|
||||
#define ARPSRCMACADDR arpsrcmacaddr_str
|
||||
#define ARPDSTMACADDR arpdstmacaddr_str
|
||||
#define ARPSRCIPADDR arpsrcipaddr_str
|
||||
#define ARPSRCIPMASK arpsrcipmask_str
|
||||
#define ARPDSTIPADDR arpdstipaddr_str
|
||||
#define ARPDSTIPMASK arpdstipmask_str
|
||||
#define SRCIPADDR srcipaddr_str
|
||||
#define SRCIPMASK srcipmask_str
|
||||
#define DSTIPADDR dstipaddr_str
|
||||
@ -1301,10 +1305,18 @@ static const virXMLAttr2Struct arpAttributes[] = {
|
||||
.name = ARPSRCIPADDR,
|
||||
.datatype = DATATYPE_IPADDR,
|
||||
.dataIdx = offsetof(virNWFilterRuleDef, p.arpHdrFilter.dataARPSrcIPAddr),
|
||||
}, {
|
||||
.name = ARPSRCIPMASK,
|
||||
.datatype = DATATYPE_IPMASK,
|
||||
.dataIdx = offsetof(virNWFilterRuleDef, p.arpHdrFilter.dataARPSrcIPMask),
|
||||
}, {
|
||||
.name = ARPDSTIPADDR,
|
||||
.datatype = DATATYPE_IPADDR,
|
||||
.dataIdx = offsetof(virNWFilterRuleDef, p.arpHdrFilter.dataARPDstIPAddr),
|
||||
}, {
|
||||
.name = ARPDSTIPMASK,
|
||||
.datatype = DATATYPE_IPMASK,
|
||||
.dataIdx = offsetof(virNWFilterRuleDef, p.arpHdrFilter.dataARPDstIPMask),
|
||||
}, {
|
||||
.name = "gratuitous",
|
||||
.datatype = DATATYPE_BOOLEAN,
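Review bot: The new `ARPSRCIPMASK` and `ARPDSTIPMASK` entries in `arpAttributes` are accepted on their own, and nothing visible in this hunk ties a mask to its address attribute. In the ebtables driver part of this commit the mask item is only read inside the branch that tests the matching address item, so a rule that sets `arpsrcipmask` without `arpsrcipaddr` appears to emit no `--arp-ip-src` match at all and filters more loosely than its author intended. Consider rejecting a mask without an address at parse time, or at least documenting it on the entries with a comment such as `/* ignored unless arpsrcipaddr is also set */`. The table starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.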
|
||||
|
@ -209,8 +209,10 @@ struct _arpHdrFilterDef {
|
||||
nwItemDesc dataOpcode;
|
||||
nwItemDesc dataARPSrcMACAddr;
|
||||
nwItemDesc dataARPSrcIPAddr;
|
||||
nwItemDesc dataARPSrcIPMask;
|
||||
nwItemDesc dataARPDstMACAddr;
|
||||
nwItemDesc dataARPDstIPAddr;
|
||||
nwItemDesc dataARPDstIPMask;
|
||||
nwItemDesc dataGratuitousARP;
|
||||
nwItemDesc dataComment;
|
||||
};
|
||||
|
@ -2052,6 +2052,7 @@ ebtablesCreateRuleInstance(char chainPrefix,
|
||||
{
|
||||
char macaddr[VIR_MAC_STRING_BUFLEN],
|
||||
ipaddr[INET_ADDRSTRLEN],
|
||||
ipmask[INET_ADDRSTRLEN],
|
||||
ipv6addr[INET6_ADDRSTRLEN],
|
||||
number[MAX(INT_BUFSIZE_BOUND(uint32_t),
|
||||
INT_BUFSIZE_BOUND(int))],
|
||||
@ -2059,6 +2060,7 @@ ebtablesCreateRuleInstance(char chainPrefix,
|
||||
char chain[MAX_CHAINNAME_LENGTH];
|
||||
virBuffer buf = VIR_BUFFER_INITIALIZER;
|
||||
const char *target;
|
||||
bool hasMask = false;
|
||||
|
||||
if (!ebtables_cmd_path) {
|
||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||
@ -2262,11 +2264,20 @@ ebtablesCreateRuleInstance(char chainPrefix,
|
||||
&rule->p.arpHdrFilter.dataARPSrcIPAddr) < 0)
|
||||
goto err_exit;
|
||||
|
||||
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPSrcIPMask)) {
|
||||
if (printDataType(vars,
|
||||
ipmask, sizeof(ipmask),
|
||||
&rule->p.arpHdrFilter.dataARPSrcIPMask) < 0)
|
||||
goto err_exit;
|
||||
hasMask = true;
|
||||
}
|
||||
|
||||
virBufferAsprintf(&buf,
|
||||
" %s %s %s",
|
||||
" %s %s %s/%s",
|
||||
reverse ? "--arp-ip-dst" : "--arp-ip-src",
|
||||
ENTRY_GET_NEG_SIGN(&rule->p.arpHdrFilter.dataARPSrcIPAddr),
|
||||
ipaddr);
|
||||
ipaddr,
|
||||
hasMask ? ipmask : "32");
|
||||
}
|
||||
|
||||
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPDstIPAddr)) {
|
||||
@ -2275,11 +2286,20 @@ ebtablesCreateRuleInstance(char chainPrefix,
|
||||
&rule->p.arpHdrFilter.dataARPDstIPAddr) < 0)
|
||||
goto err_exit;
|
||||
|
||||
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPDstIPMask)) {
|
||||
if (printDataType(vars,
|
||||
ipmask, sizeof(ipmask),
|
||||
&rule->p.arpHdrFilter.dataARPDstIPMask) < 0)
|
||||
goto err_exit;
|
||||
hasMask = true;
|
||||
}
|
||||
|
||||
virBufferAsprintf(&buf,
|
||||
" %s %s %s",
|
||||
" %s %s %s/%s",
|
||||
reverse ? "--arp-ip-src" : "--arp-ip-dst",
|
||||
ENTRY_GET_NEG_SIGN(&rule->p.arpHdrFilter.dataARPDstIPAddr),
|
||||
ipaddr);
|
||||
ipaddr,
|
||||
hasMask ? ipmask : "32");
|
||||
}
|
||||
|
||||
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPSrcMACAddr)) {
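Review bot: `hasMask` is declared once at function scope and set to `true` in the source-IP block, but nothing visible clears it before the destination-IP block tests `hasMask ? ipmask : "32"`. A rule with `arpsrcipmask` and `arpdstipaddr` but no `arpdstipmask` would therefore print the destination as `ipaddr/<source mask>`, because `ipmask` still holds the source mask. The resulting ebtables match is wider than the `/32` the rule asked for, which matters for ARP anti-spoofing filters. Clear the flag at the start of each address block with `hasMask = false;`, or replace it with a block-local `const char *mask = "32";` that is pointed at `ipmask` when a mask item exists. The function body and the two lines between these hunks are not shown, so confirm there is no reset there.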
|
||||
|