]> xenbits.xensource.com Git - people/liuw/libxenctrl-split/libvirt.git/commit
projects / people / liuw / libxenctrl-split / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d33b872) | patch
nwfiler: fix due to non-symmetric src mac address match in iptables
authorStefan Berger <stefanb@us.ibm.com>
Wed, 7 Apr 2010 10:28:16 +0000 (06:28 -0400)
committerStefan Berger <stefanb@us.ibm.com>
Wed, 7 Apr 2010 10:28:16 +0000 (06:28 -0400)
commitf8352e221f05910d9f6ab00edc0eb664efc0018b
treeebef823ff8fde53c001d08cbbb9442d0d835603etree
parentd33b87268d89df25ce266da07facb279e0fedf8ecommit | diff
nwfiler: fix due to non-symmetric src mac address match in iptables

The attached patch fixes a problem due to the mac match in iptables only
supporting --mac-source and no --mac-destination, thus it not being
symmetric. Therefore a rule like this one

<rule action='drop' direction='out'>
  <all match='no' srcmacaddr='$MAC'/>
</rule>

should only have the MAC match on traffic leaving the VM and not test
for the same source MAC address on traffic that the VM receives.
src/nwfilter/nwfilter_ebiptables_driver.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.