mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-07-11 12:25:52 +00:00
705e67d40b
This patch adds the capability for virtual guests to do IPv6 communication via a virtual network interface with no IPv6 (gateway) addresses specified. This capability has always been enabled by default for IPv4, but disabled for IPv6 for security concerns, and because it requires the ip6tables command to be operational (which isn't the case on a system with the ipv6 module completely disabled). This patch adds a new attribute "ipv6" at the toplevel of a <network> object. If ipv6='yes', the extra ip6tables rules required to permite inter-guest communications are added when the network is started. If it is 'no', or not present, those rules will not be added; thus the default behavior doesn't change, so there should be no compatibility issues with any existing installations. Note that virtual guests cannot communication with the virtualization host via this interface, because the following kernel tunable has been set: net.ipv6.conf.<bridge_interface_name>.disable_ipv6 = 1 This assures that the bridge interface will not have an IPv6 link-local (fe80::) address. To control this behavior so that it is not enabled by default, the parameter ipv6='yes' on the <network> statement has been added. Documentation related to this patch has been updated. The network schema has also been updated. |
||
|---|---|---|
| .. | ||
| 8021Qbh-net.xml | ||
| bandwidth-network.xml | ||
| direct-net.xml | ||
| empty-allow-ipv6.xml | ||
| host-bridge-net.xml | ||
| hostdev-pf.xml | ||
| hostdev.xml | ||
| isolated-network.xml | ||
| nat-network-dns-hosts.xml | ||
| nat-network-dns-srv-record-minimal.xml | ||
| nat-network-dns-srv-record.xml | ||
| nat-network-dns-txt-record.xml | ||
| nat-network.xml | ||
| netboot-network.xml | ||
| netboot-proxy-network.xml | ||
| openvswitch-net.xml | ||
| passthrough-pf.xml | ||
| routed-network.xml | ||
| vepa-net.xml | ||