xenbits.xensource.com Git - people/liuw/libxenctrl-split/libvirt.git/commit
util/viriptables: add/remove rules that short-circuit masquerading
author Laszlo Ersek <lersek@redhat.com>
Wed, 25 Sep 2013 10:45:25 +0000 (12:45 +0200)
committer Laine Stump <laine@laine.org>
Wed, 25 Sep 2013 12:24:09 +0000 (08:24 -0400)
commit ccca5dc3a2f2b4da60e19674a3c5b7b304e36619
tree 2176d4eead72e6701945f9fadd62b31e812be47b
parent ef29de14c37d14abc546e90555a0093797facfdd
util/viriptables: add/remove rules that short-circuit masquerading

The functions
- iptablesAddForwardDontMasquerade(),
- iptablesRemoveForwardDontMasquerade
handle exceptions in the masquerading implemented in the POSTROUTING chain
of the "nat" table. Such exceptions should be added as chronologically
latest, logically top-most rules.

The bridge driver will call these functions beginning with the next patch:
some special destination IP addresses always refer to the local
subnetwork, even though they don't match any practical subnetwork's
netmask. Packets from virbrN targeting such IP addresses are never routed
outwards, but the current rules treat them as non-virbrN-destined packets
and masquerade them. This causes problems for some receivers on virbrN.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
src/libvirt_private.syms
src/util/viriptables.c
src/util/viriptables.h
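
The commit message asks for exception rules to be the "logically top-most" ones in the POSTROUTING chain of the "nat" table. The following added example (not code from this commit or from libvirt) models first-match chain evaluation to show why an appended exception has no effect. The rule shapes, the 192.168.122.0/24 guest network, the 224.0.0.0/24 destination and all names here are constructed assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* EXEMPT = leave the chain without masquerading; how the real rule
 * expresses this is not shown on the page, so it is modelled abstractly. */
enum verdict { NO_MATCH, MASQUERADE, EXEMPT };

struct rule {
    uint32_t src, src_mask;   /* source network */
    uint32_t dst, dst_mask;   /* destination network */
    int negate_dst;           /* 1 = match when destination is NOT in dst */
    enum verdict verdict;
};
struct chain { struct rule r[8]; int n; };

/* Append: the new rule is evaluated after every existing rule. */
static void chain_append(struct chain *c, struct rule r) { if (c->n < 8) c->r[c->n++] = r; }

/* Insert: the new rule becomes rule 1, i.e. the top-most rule. */
static void chain_insert(struct chain *c, struct rule r) {
    if (c->n >= 8) return;
    memmove(&c->r[1], &c->r[0], sizeof(r) * (size_t)c->n);
    c->r[0] = r; c->n++;
}

/* The first matching rule decides; later rules are never consulted. */
static enum verdict chain_eval(const struct chain *c, uint32_t src, uint32_t dst) {
    for (int i = 0; i < c->n; i++) {
        const struct rule *r = &c->r[i];
        int dst_hit = (dst & r->dst_mask) == r->dst;
        if ((src & r->src_mask) == r->src && dst_hit != r->negate_dst)
            return r->verdict;
    }
    return NO_MATCH;
}

/* Constructed scenario: a guest at 192.168.122.10 sends a packet to dst. */
static enum verdict guest_packet(int exception_on_top, uint32_t dst) {
    const uint32_t net = IP(192,168,122,0), m24 = IP(255,255,255,0);
    struct rule masq = { net, m24, net, m24, 1, MASQUERADE };       /* existing rule */
    struct rule exc  = { net, m24, IP(224,0,0,0), m24, 0, EXEMPT }; /* exception */
    struct chain c = { .n = 0 };
    chain_append(&c, masq);
    if (exception_on_top) chain_insert(&c, exc); else chain_append(&c, exc);
    return chain_eval(&c, IP(192,168,122,10), dst);
}

int main(void) {
    printf("appended: %d, top-most: %d\n", guest_packet(0, IP(224,0,0,251)), guest_packet(1, IP(224,0,0,251)));
    return 0;
}
```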