[prev in list] [next in list] [prev in thread] [next in thread] 

List:       libvirt-users
Subject:    Re: [libvirt-users] NWFilter and IPv6
From:       Stefan Berger <stefanb () linux ! vnet ! ibm ! com>
Date:       2012-11-26 17:24:11
Message-ID: 50B3A5BB.4020706 () linux ! vnet ! ibm ! com
[Download RAW message or body]

On 11/26/2012 10:41 AM, Laine Stump wrote:
> On 11/07/2012 03:22 AM, Guido Winkelmann wrote:
>> Hi,
>>
>> Libvirt's nwfilter ships a number of useful filter scripts by default, but
>> none to handle IPv6 traffic. Is there a particular reason for that, or is that
>> just because nobody has got around to that yet?
> Hi Guido! I just saw this message you sent to the list a couple weeks ago.
>
> Stefan Berger can confirm, but I believe the answer is the latter -
> nobody has gotten around to it. I'm sure patches would be greatly
> appreciated :-)

Yes, patches would be appreciated. The IP address detection methods may 
also need to be extended for IPv6 support.
One problem I want to mention, though:  A bigger problem would be if a 
machine wanted to use IPv4 and IPv6 (dual stack) and use DHCP for both , 
which in effect would result in two variables that need to have values 
detected which in turn would require partial instantiation of filters 
(since one variable may not have a value assigned while the other has), 
which does not currently work...

Also as I recall for IPv4 the ARP-equivalent is NDP (Neighbor Discovery 
Protocol based on ICMPv6), which may need support in ebtables. At least 
a while ago there was no support for filtering that NDP subset of ICMPv6 
in ebtables.

Regards,
    Stefan

[prev in list] [next in list] [prev in thread] [next in thread]