etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloudstack/scripts/vm/hypervisor
History
Anthony Xu f1fb7c3efe in security group, CS put a rule in ebtables filter table FORWARD chain to prevent user from changing VM mac address 
util.pread2(['ebtables', '-A', vm_chain, '-i', vif, '-s', '!', vm_mac,  '-j', 'DROP'])

if user changes the VM mac address, all egress packet from the VM will be dropped, but the egress packet still contaminate the bridge cache with fake MAC,

This patch moves the rule to ebtables nat table PREROUTING chain, then the egress packet with modified MAC will not contaminate the bridge cache.

Anthony
 		2013-07-30 17:04:21 -07:00
..
kvm CLOUDSTACK-2614: Fix the permission of patchviasocket.pl 2013-05-29 14:24:49 -07:00
xenserver in security group, CS put a rule in ebtables filter table FORWARD chain to prevent user from changing VM mac address 2013-07-30 17:04:21 -07:00
versions.sh license header changes for scripts folder from Chip Childers 2012-06-23 00:58:00 -04:00