libvirt/src/network
Laszlo Ersek 51e184e982 bridge driver: don't masquerade local subnet broadcast/multicast packets
Packets sent by guests on virbrN, *or* by dnsmasq on the same, to
- 255.255.255.255/32 (netmask-independent local network broadcast
  address), or to
- 224.0.0.0/24 (local subnetwork multicast range)
are never forwarded, hence it is not necessary to masquerade them.

In fact we must not masquerade them: translating their source addresses or
source ports (where applicable) may confuse receivers on virbrN.

One example is the DHCP client in OVMF (= UEFI firmware for virtual
machines):

  http://thread.gmane.org/gmane.comp.bios.tianocore.devel/1506/focus=2640

It expects DHCP replies to arrive from remote source port 67. Even though
dnsmasq conforms to that, the destination address (255.255.255.255) and
the source address (e.g. 192.168.122.1) in the reply allow the UDP
masquerading rule to match, which rewrites the source port to or above
1024. This prevents the DHCP client in OVMF from accepting the packet.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=709418

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2013-09-25 08:31:50 -04:00
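
The rule-matching behaviour the commit message describes, as an added example that is not libvirt's code: a first-match model of a UDP masquerading rule with a port range starting at 1024. The rule layout, the `RETURN`-style exemptions placed ahead of it, and all packets are assumptions constructed for illustration; only 192.168.122.1, port 67 and the two exempt destinations come from the message.

```python
import ipaddress
from dataclasses import dataclass

GUEST_NET = ipaddress.ip_network("192.168.122.0/24")   # assumed subnet of 192.168.122.1
EXEMPT = [ipaddress.ip_network("255.255.255.255/32"),  # local network broadcast
          ipaddress.ip_network("224.0.0.0/24")]        # local subnetwork multicast

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int           # UDP source port

@dataclass(frozen=True)
class Rule:
    dst: ipaddress.IPv4Network
    negate_dst: bool     # True models "! -d <net>"
    target: str          # "MASQUERADE" or "RETURN" (leave the packet untouched)

def evaluate(rules, pkt):
    """First matching rule wins; returns (target, source port after the rule)."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    if src not in GUEST_NET:                 # every modelled rule matches on source subnet
        return ("NO-MATCH", pkt.sport)
    for rule in rules:
        if (dst in rule.dst) != rule.negate_dst:
            if rule.target == "MASQUERADE" and pkt.sport < 1024:
                return (rule.target, 1024)   # simplification: lowest port of the range
            return (rule.target, pkt.sport)  # ports already in range are kept here
    return ("NO-MATCH", pkt.sport)

# Hypothetical rule sets: masquerade whatever leaves the guest subnet ...
MASQ = Rule(dst=GUEST_NET, negate_dst=True, target="MASQUERADE")
BEFORE = [MASQ]
# ... and the same rule with the exemptions evaluated first (assumed shape of the fix).
AFTER = [Rule(dst=n, negate_dst=False, target="RETURN") for n in EXEMPT] + [MASQ]

# Constructed packets: dnsmasq's DHCP reply, a guest multicast, ordinary outbound traffic.
DHCP_REPLY = Packet("192.168.122.1", "255.255.255.255", 67)
MCAST = Packet("192.168.122.10", "224.0.0.251", 5353)
OUTBOUND = Packet("192.168.122.10", "203.0.113.5", 40000)

def compare(pkt):
    """Verdict and resulting source port without and with the exemptions."""
    return evaluate(BEFORE, pkt), evaluate(AFTER, pkt)

if __name__ == "__main__":
    for name, pkt in [("dhcp", DHCP_REPLY), ("mcast", MCAST), ("out", OUTBOUND)]:
        print(name, compare(pkt))
```

The DHCP reply is the case to check on a real host: a client that insists on source port 67 only accepts it when the exemption is hit before the masquerading rule.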
..
bridge_driver_linux.c bridge driver: don't masquerade local subnet broadcast/multicast packets 2013-09-25 08:31:50 -04:00
bridge_driver_nop.c Add missing ATTRIBUTE_UNUSED 2013-08-12 21:30:29 +02:00
bridge_driver_platform.c bridge driver: extract platform specifics 2013-08-01 15:47:02 -06:00
bridge_driver_platform.h bridge driver: extract platform specifics 2013-08-01 15:47:02 -06:00
bridge_driver.c Add forwarder attribute to <dns/> element 2013-09-17 17:47:33 -06:00
bridge_driver.h maint: don't use config.h in .h files 2013-06-05 05:53:25 -06:00
default.xml Remove the space before the slash in network XML 2013-08-28 08:05:46 +02:00