fd5b15ff1a
This patch attempts to take advantage of a newly added netfilter module to correct for a problem with some guest DHCP client implementations when used in conjunction with a DHCP server run on a host system with packet checksum offloading enabled. The problem is that, when the guest uses a RAW socket to read the DHCP response packets, the checksum hasn't yet been fixed by the IP stack, so it is incorrect. The fix implemented here is to add a rule to the POSTROUTING chain of the mangle table in iptables that fixes up the checksum for packets on the virtual network's bridge that are destined for the bootpc port (i.e. "dhcpc", i.e. port 68) on the guest. Only very new versions of iptables will have this support (it will be in the next upstream release), so a failure to add this rule only results in a warning message. The iptables patch is here: http://patchwork.ozlabs.org/patch/58525/ A corresponding kernel module patch is also required (the backend of the iptables patch) and that will be in the next release of the kernel.
/*
* Copyright (C) 2007, 2008 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* Authors:
* Mark McLoughlin <markmc@redhat.com>
*/
#ifndef __QEMUD_IPTABLES_H__
# define __QEMUD_IPTABLES_H__
/*
 * Opaque handle passed to every call declared in this header.
 * Only the forward declaration is visible here, so callers can hold a
 * pointer to it but cannot inspect or build one themselves.
 */
typedef struct _iptablesContext iptablesContext;
/*
 * Context lifecycle.
 *
 * iptablesContextNew() takes no arguments and returns a context pointer.
 * NOTE(review): presumably NULL on failure -- confirm in the implementation
 * and make sure callers check before passing the pointer on.
 *
 * iptablesContextFree() is the matching release call (by name). Whether it
 * also removes rules that were added through the context is not visible in
 * this header -- confirm before relying on it for cleanup.
 */
iptablesContext *iptablesContextNew(void);
void iptablesContextFree(iptablesContext *ctx);
/*
 * Add/remove pair for a TCP input rule identified by an interface name and
 * a port (purpose inferred from the names; the rule itself is built in the
 * implementation, which this header does not show).
 *
 * NOTE(review): port is a plain int, so the type does not restrict it to
 * 0-65535, and iface is a caller-supplied string. Presumably both become
 * arguments of an iptables invocation -- confirm that they are validated
 * and passed as discrete argv entries rather than through a shell.
 * Return convention is not visible here (presumably 0 on success).
 */
int iptablesAddTcpInput(iptablesContext *ctx, const char *iface, int port);
int iptablesRemoveTcpInput(iptablesContext *ctx, const char *iface, int port);
/*
 * Add/remove pair for a UDP input rule identified by an interface name and
 * a port (purpose inferred from the names; the rule text is not visible in
 * this header).
 *
 * NOTE(review): same caveats as any caller-supplied rule parameter -- port
 * is an unconstrained int and iface an arbitrary string; confirm range and
 * character validation in the implementation or its callers.
 * Return convention is not visible here (presumably 0 on success).
 */
int iptablesAddUdpInput(iptablesContext *ctx, const char *iface, int port);
int iptablesRemoveUdpInput(iptablesContext *ctx, const char *iface, int port);
/*
 * Add/remove pair for a forwarding rule that, by name, allows outbound
 * traffic. The rule is parameterised by a network string, an interface
 * name and a physical device name.
 *
 * NOTE(review): the expected format of network (presumably an address with
 * a prefix or mask) and whether physdev may be NULL are not visible here --
 * confirm against the implementation. A forwarding rule that is broader
 * than intended weakens isolation between networks, so callers should pass
 * the narrowest network/physdev that fits.
 * Return convention is not visible here (presumably 0 on success).
 */
int iptablesAddForwardAllowOut(iptablesContext *ctx, const char *network,
                               const char *iface, const char *physdev);
int iptablesRemoveForwardAllowOut(iptablesContext *ctx, const char *network,
                                  const char *iface, const char *physdev);
/*
 * Add/remove pair for a forwarding rule that, by name, allows inbound
 * traffic related to existing connections. Takes the same three rule
 * parameters as the other forward-allow calls: network, iface, physdev.
 *
 * NOTE(review): which connection states the rule matches is decided in the
 * implementation and cannot be read from this header -- confirm there.
 * Return convention is not visible here (presumably 0 on success).
 */
int iptablesAddForwardAllowRelatedIn(iptablesContext *ctx,
                                     const char *network, const char *iface,
                                     const char *physdev);
int iptablesRemoveForwardAllowRelatedIn(iptablesContext *ctx,
                                        const char *network, const char *iface,
                                        const char *physdev);
/*
 * Add/remove pair for a forwarding rule that, by name, allows inbound
 * traffic, parameterised by network, iface and physdev.
 *
 * NOTE(review): unlike the "RelatedIn" variant, the name carries no hint of
 * connection-state matching, so this presumably admits new inbound flows --
 * confirm in the implementation and use it only where unsolicited inbound
 * traffic to the network is intended.
 * Return convention is not visible here (presumably 0 on success).
 */
int iptablesAddForwardAllowIn(iptablesContext *ctx, const char *network,
                              const char *iface, const char *physdev);
int iptablesRemoveForwardAllowIn(iptablesContext *ctx, const char *network,
                                 const char *iface, const char *physdev);
/*
 * Add/remove pair for a forwarding rule keyed on a single interface name.
 * NOTE(review): "Cross" presumably means traffic that enters and leaves
 * through the same interface (guest-to-guest on one bridge) -- confirm in
 * the implementation.
 * Return convention is not visible here (presumably 0 on success).
 */
int iptablesAddForwardAllowCross(iptablesContext *ctx, const char *iface);
int iptablesRemoveForwardAllowCross(iptablesContext *ctx, const char *iface);
/*
 * Add/remove pair for a forwarding rule that, by name, rejects outbound
 * traffic for one interface.
 * NOTE(review): ordering relative to the allow rules decides what is
 * actually blocked; that ordering is set by the implementation and its
 * callers, not by this header -- confirm the reject rule ends up after the
 * allow rules it is meant to back-stop.
 * Return convention is not visible here (presumably 0 on success).
 */
int iptablesAddForwardRejectOut(iptablesContext *ctx, const char *iface);
int iptablesRemoveForwardRejectOut(iptablesContext *ctx, const char *iface);
/*
 * Add/remove pair for a forwarding rule that, by name, rejects inbound
 * traffic for one interface.
 * NOTE(review): as with the outbound variant, the effect depends on where
 * the rule sits relative to the allow rules -- confirm in the
 * implementation.
 * Return convention is not visible here (presumably 0 on success).
 */
int iptablesAddForwardRejectIn(iptablesContext *ctx, const char *iface);
int iptablesRemoveForwardRejectIn(iptablesContext *ctx, const char *iface);
/*
 * Add/remove pair for a masquerade (source NAT, by name) rule,
 * parameterised by a network string, a physical device name and a
 * protocol string.
 *
 * NOTE(review): the accepted protocol values and whether protocol or
 * physdev may be NULL are not visible here -- confirm in the
 * implementation. All three strings are caller-supplied rule parameters
 * and should be validated before they reach an iptables invocation.
 * Return convention is not visible here (presumably 0 on success).
 */
int iptablesAddForwardMasquerade(iptablesContext *ctx, const char *network,
                                 const char *physdev, const char *protocol);
int iptablesRemoveForwardMasquerade(iptablesContext *ctx, const char *network,
                                    const char *physdev, const char *protocol);
/*
 * Add/remove pair for the UDP checksum fix-up rule.
 *
 * According to the change that introduced these calls, the rule goes into
 * the POSTROUTING chain of the mangle table and fills in the checksum of
 * packets on the virtual network's bridge that are destined for the bootpc
 * port (68) on the guest. It exists because some guest DHCP clients read
 * replies from a RAW socket and see a checksum that has not yet been fixed
 * up when the host has checksum offloading enabled.
 *
 * The rule needs iptables and kernel support that older installations lack,
 * and a failure to add it is only reported as a warning; callers should
 * treat a failing return as "fix-up unavailable", not as a fatal error.
 *
 * NOTE(review): port is an unconstrained int and iface a caller-supplied
 * string -- confirm validation in the implementation. Exact return values
 * are not visible in this header.
 */
int iptablesAddOutputFixUdpChecksum(iptablesContext *ctx, const char *iface,
                                    int port);
int iptablesRemoveOutputFixUdpChecksum(iptablesContext *ctx, const char *iface,
                                       int port);
#endif /* __QEMUD_IPTABLES_H__ */