]> xenbits.xensource.com Git - people/liuw/libxenctrl-split/libvirt.git/commit
projects / people / liuw / libxenctrl-split / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b073179) | patch
nwfilter: Add support for icmpv6 filtering
authorStefan Berger <stefanb@linux.vnet.ibm.com>
Wed, 7 Jan 2015 16:41:49 +0000 (11:41 -0500)
committerStefan Berger <stefanb@linux.vnet.ibm.com>
Wed, 7 Jan 2015 16:41:49 +0000 (11:41 -0500)
commit3a3b3691d145418dc6616e7ce8a5ca8ba857bc5b
treee95eeb5403baa3053adc2bb1f292178717bedccdtree
parentb073179085cb470e13e8e87e2a92cf2356c680ebcommit | diff
nwfilter: Add support for icmpv6 filtering

Make use of the ebtables functionality to be able to filter certain
parameters of icmpv6 packets. Extend the XML parser for icmpv6 types,
type ranges, codes, and code ranges. Extend the nwfilter documentation,
schema, and test cases.

Being able to filter icmpv6 types and codes helps extending the DHCP
snooper for IPv6 and filtering at least some parameters of IPv6's NDP
(Neighbor Discovery Protocol) packets. However, the filtering will not
be as good as the filtering of ARP packets since we cannot
check on IP addresses in the payload of the NDP packets.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
docs/formatnwfilter.html.in diff | blob | blame | history
docs/schemas/nwfilter.rng diff | blob | blame | history
src/conf/nwfilter_conf.c diff | blob | blame | history
src/conf/nwfilter_conf.h diff | blob | blame | history
src/nwfilter/nwfilter_ebiptables_driver.c diff | blob | blame | history
tests/nwfilterxml2firewalldata/ipv6-linux.args diff | blob | blame | history
tests/nwfilterxml2firewalldata/ipv6.xml diff | blob | blame | history
tests/nwfilterxml2xmlin/ipv6-test.xml diff | blob | blame | history
tests/nwfilterxml2xmlout/ipv6-test.xml diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.