[Users] disable EnableMACAntiSpoofingFilterRules per VM

Kapetanakis Giannis bilias at edu.physics.uoc.gr
Thu Dec 26 13:06:57 UTC 2013


On 26/12/13 11:06, Assaf Muller wrote:
>> what will be the default action for my VMs? Filter or not filter?
>> So I gave to alter EnableMACAntiSpoofingFilterRules as well?
> The default is to filter. You'll have to add a VM or VNIC custom property
> and set the value to False whenever you want to disable the filtering.
>
>> What about conflicting values between VM and VNIC. Which has precedence
>> over the other?
> You would think that anything VNIC specific would take precedence, but with
> how the code is implemented at this time, before_device_create is called
> for all devices, and before_vm_create is called after that. That means
> that whatever is defined at the VM level will take precedence.

ok, this worked like a charm but I did some changes.

Maybe you want to update the README on
https://github.com/oVirt/vdsm/blob/master/vdsm_hooks/macspoof/README

engine-config -s 
UserDefinedVMProperties='previousProperties;macspoof=^(true|false)$' 
--cver=3.3 failed with an error: Cannot set value 
previousProperties;macspoof=^(true|false)$ to key 
UserDefinedVMProperties. Invalid syntax, user defined VM properties 
specification should conform to 
(([a-z_A-Z0-9])+)=(([^;])+)(;(([a-z_A-Z0-9])+)=(([^;])+))*;? I changed 
that to engine-config -s "UserDefinedVMProperties=macspoof=(true|false)" 
like it is defined in http://www.ovirt.org/Engine_config_examples which 
was inserted with no error. CustomDeviceProperties also inserted like
engine-config -s 
CustomDeviceProperties='{type=interface;prop={ifacemacspoof=(true|false)}}' 
so both options could be available. VM option indeed takes precedence 
over VNIC option. You should also take notice that setting 
macspoof=false or ifacemacspoof=false does the opposite of at least what 
I expected. It filters. I had to apply with either macspoof=true or 
ifacemacspoof=true to disable filtering The README also has that the 
other way. Either the README has to be changed or the options could be 
renamed to something like disable_macspoof_filter and 
disable_ifacemacspoof_filter best regards and thanks for all the replies, G





More information about the Users mailing list