xenbits.xensource.com Git - libvirt.git/commit

author	Stefan Berger <stefanb@us.ibm.com>
	Tue, 6 Apr 2010 14:40:35 +0000 (10:40 -0400)
committer	Stefan Berger <stefanb@us.ibm.com>
	Tue, 6 Apr 2010 14:40:35 +0000 (10:40 -0400)
commit	552bdb9b3551c31bfdbf0972df97a4b62d81176a
tree	3c4ee8c1199a46af331bbde65757399c15cfb82b	tree
parent	9f337ef7525e44d32afaef5f650ede2d07a482b2	commit \| diff

nwfilter: Fix instantiated layer 2 rules for 'inout' direction

With Eric Blake's suggestions applied.

The following rule for direction 'in'

<rule direction='in' action='drop'>
  <mac srcmacaddr='1:2:3:4:5:6'/>
</rule>

drops all traffic from the given mac address.
The following rule for direction 'out'

<rule direction='out' action='drop'>
  <mac dstmacaddr='1:2:3:4:5:6'/>
</rule>

drops all traffic to the given mac address.
The following rule in direction 'inout'

<rule direction='inout' action='drop'>
  <mac srcmacaddr='1:2:3:4:5:6'/>
</rule>

now drops all traffic from and to the given MAC address.
So far it would have dropped traffic from the given MAC address
and outgoing traffic with the given source MAC address, which is not useful
since the packets will always have the VM's MAC address as source
MAC address. The attached patch fixes this.

This is the last bug I currently know of and want to fix.