Xen project Mailing List

Re: [Xen-devel] [PATCH 5/5] docs: Update the xl network config documentation with IPv6 support

To: Sylvain Munaut <s.munaut@xxxxxxxxxxxxxxxxxxxx>

From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

Date: Wed, 21 May 2014 14:25:21 +0100

Delivery-date: Wed, 21 May 2014 13:25:38 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, 2014-05-20 at 16:56 +0200, Sylvain Munaut wrote: > Signed-off-by: Sylvain Munaut <s.munaut@xxxxxxxxxxxxxxxxxxxx> > --- > docs/misc/xl-network-configuration.markdown | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/docs/misc/xl-network-configuration.markdown > b/docs/misc/xl-network-configuration.markdown > index 3c439d4..bad356d 100644 > --- a/docs/misc/xl-network-configuration.markdown > +++ b/docs/misc/xl-network-configuration.markdown > @@ -128,6 +128,21 @@ configured. A typically behaviour (exhibited by the > example hotplug > scripts) if set might be to configure firewall rules to allow only the > specified IP address to be used by the guest (blocking all others). > > +The linux hotplug script supports both IPv4 and IPv6 in this field. When > +the field is omitted or empty, both will be fully allowed. If only IPv4s > +are listed, then IPv6 will be blocked completely. Symetrically, if only "Symmetrically" > +IPv6s are listed, then IPv4 will be blocked. If you wish to filter one > +but not the other, you can use the wildcard addresses 0.0.0.0/0 and > +::0/0 for IPv4/6 respectively. > + > +As a special case, you can use 'eui64' token as an IPv6 address and this > +will allow traffic all traffic from the VM where the lower 64 bits are > +matched against the EUI64 generated from the mac address of the VIF. It If you say [EUI64] then at the end you can say: [EUI64]: http://en.wikipedia.org/wiki/IPv6_address#Modified_EUI-64 (assuming this is what was implemented and not "normal" EUI-64, whatever that is) I think it would be reasonable to fold this into the patch which adds this functionality, but I'm happy with it remaining separate too. > +is up to the network administrator to filter the network part of the > +address globally if necessary. This is of course only usable for the > +vif-bridge script as the vif-route will require a fully defined address > +in the 'ip' field. > + > ### backend > > Specifies the backend domain which this device should attach to. This _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.