|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 4/5] hotplug/linux: Add IPv6 support to the iptables logic
Hi,
> I think it would be a good idea to allow autoconfigured IPv6 addresses.
> These have the lower 64-bit of the address set to a value based on the
> interface MAC address (EUI-64), which is known in the vif script.
>
> Unfortunately it is not easy to compute that suffix in a shell script.
> In my setup I use a helper Python script, but guess this might not be
> the perfect solution for the standard scripts.
The issue is how do you get the prefix ?
Or add a special eui64:AAAA:BBBB:CCCC:DDDD address that's
automaticaly transformed into a EUI64 address ?
>> + # Always allow ICMP messages from link-local addresses (for ND)
>> + ip6tables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-in
>> "$dev" \
>> + -s fe80::/64 -j ACCEPT 2>/dev/null &&
>
> I wonder if checking this addresses against the MAC address may be
> desirable, especially when bridging. This would be assured by the same
> rule as the other auto-configured addresses.
Yes, might be a good idea.
echo $mac | awk '{split($1,i,":"); print "fe80::" i[1]^2 i[2] ":" i[3]
"ff:fe" i[4] ":" i[5] i[6] }'
should work.
Cheers,
Sylvain
--
Sylvain Munaut
Whatever s.a.
Rue Fond Cattelain 5
1435 Mont-Saint-Guibert
Fixed line: +32 10 23.59.30
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |