On Fri, Apr 13, 2012 at 10:09 AM, Stefan Berger <[email protected]>wrote:
> This series of patches adds DHCP snooping support to libvirt's > nwfilter subsystem. > > DHCP snooping detects DHCP leases obtained by a VM and automatically > adjusts the network traffic filters to reflect the IP addresses > with which a VM may send its traffic, thus for example preventing > IP address spoofing. > Once leases on IP addresses expire or if a VM gives up on a > lease on an IP address, the filters are also adjusted. > All leases are persisted and automatically applied upon a VM's restart. > Leases are associated with the tuple of VM-UUID and interface MAC > address. > > The following interface XML activates and uses the DHCP snooping: > > <interface type='bridge'> > <source bridge='virbr0'/> > <filterref filter='clean-traffic'> > <parameter name='ip_learning' value='dhcp'/> > </filterref> > </interface> > > > Regards, > David and Stefan > Would libvirt (via the perl wrapper) be able to query the IP address information? I am developing a light-weight web interface for managing several QEMU instances on my server (apache, mod_perl, Sys-Virt, libvirtd). I can get the MAC address of each VM from the XML file ($dom->get_xml_description, XML::Simple), but at the moment I do not have a clean way to get the corresponding IP address. My system runs its own DHCP server and "arpwatch". I was considering trying to extract the MAC->IP mapping from those, but if QEMU/libvirtd itself knows the IP in use by the VM, then that would be fantastic. I should mention that I'm using "br0", not "virbr0" style bridges. I don't know if that matters. Thank you guys for your excellent work and your time. Libvirt and the wrapper APIs are incredibly useful.
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
