<li>IPV6_ADDR: IPv6 address in numbers format, i.e., FFFF::1</li>
<li>IPV6_MASK: IPv6 mask in numbers format (FFFF:FFFF:FC00::) or CIDR mask (0-128)</li>
<li>STRING: A string</li>
+ <li>BOOLEAN: 'true', 'yes', '1' or 'false', 'no', '0'</li>
</ul>
<p>
<br/><br/>
<td>STRING</td>
<td>text with max. 256 characters</td>
</tr>
+ <tr>
+ <td>gratuitous <span class="since">(Since 0.9.2)</span></td>
+ <td>BOOLEAN</td>
+ <td>boolean indicating whether to check for gratuitous ARP packet</td>
+ </tr>
</table>
<p>
Valid strings for the <code>Opcode</code> field are:
<ref name="uint16range"/>
</attribute>
</optional>
+ <optional>
+ <attribute name="gratuitous">
+ <ref name="boolean"/>
+ </attribute>
+ </optional>
</interleave>
</define>
</choice>
</define>
+ <define name="boolean">
+ <choice>
+ <value>yes</value>
+ <value>no</value>
+ <value>true</value>
+ <value>false</value>
+ <value>1</value>
+ <value>0</value>
+ </choice>
+ </define>
+
<define name="arpOpcodeType">
<choice>
<!-- variable -->
<rule action='drop' direction='out' priority='400' >
<arp match='no' arpsrcipaddr='$IP' />
</rule>
- <!-- drop if ipaddr or macaddr odes not belong to guest -->
+ <!-- allow gratuitous arp -->
+ <rule action='accept' direction='in' priority='425'>
+ <arp gratuitous='true'/>
+ </rule>
+ <!-- drop if ipaddr or macaddr does not belong to guest -->
<rule action='drop' direction='in' priority='450' >
<arp match='no' arpdstmacaddr='$MAC'/>
<arp opcode='reply'/>
.name = ARPDSTIPADDR,
.datatype = DATATYPE_IPADDR,
.dataIdx = offsetof(virNWFilterRuleDef, p.arpHdrFilter.dataARPDstIPAddr),
+ }, {
+ .name = "gratuitous",
+ .datatype = DATATYPE_BOOLEAN,
+ .dataIdx = offsetof(virNWFilterRuleDef, p.arpHdrFilter.dataGratuitousARP),
},
COMMENT_PROP(arpHdrFilter),
{
found = 1;
break;
+ case DATATYPE_BOOLEAN:
+ if (STREQ(prop, "true") ||
+ STREQ(prop, "1") ||
+ STREQ(prop, "yes"))
+ item->u.boolean = true;
+ else
+ item->u.boolean = false;
+
+ data.ui = item->u.boolean;
+ found = 1;
+ break;
+
case DATATYPE_LAST:
default:
break;
virBufferEscapeString(buf, "%s", item->u.string);
break;
+ case DATATYPE_BOOLEAN:
+ if (item->u.boolean == true)
+ virBufferAddLit(buf, "true");
+ else
+ virBufferAddLit(buf, "false");
+ break;
+
case DATATYPE_STRING:
default:
virBufferAsprintf(buf,
DATATYPE_IPV6ADDR = (1 << 9),
DATATYPE_IPV6MASK = (1 << 10),
DATATYPE_STRINGCOPY = (1 << 11),
+ DATATYPE_BOOLEAN = (1 << 12),
- DATATYPE_LAST = (1 << 12),
+ DATATYPE_LAST = (1 << 13),
};
union {
nwMACAddress macaddr;
virSocketAddr ipaddr;
+ bool boolean;
uint8_t u8;
uint16_t u16;
char protocolID[10];
nwItemDesc dataARPSrcIPAddr;
nwItemDesc dataARPDstMACAddr;
nwItemDesc dataARPDstIPAddr;
+ nwItemDesc dataGratuitousARP;
nwItemDesc dataComment;
};
ENTRY_GET_NEG_SIGN(&rule->p.arpHdrFilter.dataARPDstMACAddr),
macaddr);
}
+
+ if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataGratuitousARP) &&
+ rule->p.arpHdrFilter.dataGratuitousARP.u.boolean) {
+ virBufferAsprintf(&buf,
+ " %s --arp-gratuitous",
+ ENTRY_GET_NEG_SIGN(&rule->p.arpHdrFilter.dataGratuitousARP));
+ }
break;
case VIR_NWFILTER_RULE_PROTOCOL_IP:
<arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
opcode='65536' hwtype='65536' protocoltype='65536' />
</rule>
+
+ <rule action='accept' direction='in'>
+ <arp gratuitous='true'/>
+ </rule>
</filter>
<rule action='accept' direction='out' priority='500'>
<arp srcmacaddr='01:02:03:04:05:06' srcmacmask='ff:ff:ff:ff:ff:ff'/>
</rule>
+ <rule action='accept' direction='in' priority='500'>
+ <arp gratuitous='true'/>
+ </rule>
</filter>
projects / libvirt.git / commitdiff