[Users] disable EnableMACAntiSpoofingFilterRules per VM
Kapetanakis Giannis
bilias at edu.physics.uoc.gr
Thu Dec 26 13:23:07 UTC 2013
Resending cause somehow the format got screwed up.
On 26/12/13 11:06, Assaf Muller wrote:
>> what will be the default action for my VMs? Filter or not filter?
>> So I gave to alter EnableMACAntiSpoofingFilterRules as well?
> The default is to filter. You'll have to add a VM or VNIC custom property
> and set the value to False whenever you want to disable the filtering.
>
>> What about conflicting values between VM and VNIC. Which has precedence
>> over the other?
> You would think that anything VNIC specific would take precedence, but with
> how the code is implemented at this time, before_device_create is called
> for all devices, and before_vm_create is called after that. That means
> that whatever is defined at the VM level will take precedence.
ok, this worked like a charm but I did some changes.
Maybe you want to update the README on
https://github.com/oVirt/vdsm/blob/master/vdsm_hooks/macspoof/README
engine-config -s
UserDefinedVMProperties='previousPropertiesmacspoof=^(true|false)$'
--cver=3.3
failed with an error:
Cannot set value previousProperties;macspoof=^(true|false)$ to key
UserDefinedVMProperties. Invalid syntax, user defined VM properties
specification should conform to
(([a-z_A-Z0-9])+)=(([^;])+)(;(([a-z_A-Z0-9])+)=(([^;])+))*;?
I changed that to
engine-config -s "UserDefinedVMProperties=macspoof=(true|false)"
like it is defined in http://www.ovirt.org/Engine_config_examples
which was inserted with no error.
CustomDeviceProperties also inserted like
engine-config -s CustomDeviceProperties=
'{type=interface;prop={ifacemacspoof=(true|false)}}'
so both true/false options could be available.
VM option indeed takes precedence over VNIC option.
You should also take notice that setting macspoof=false or
ifacemacspoof=false does the opposite of at least what I expected.
It filters.
I had to apply with either macspoof=true or ifacemacspoof=true to
disable filtering.
The README also has that the other way.
Either the README has to be changed or the options could be renamed to
something like disable_macspoof_filter and disable_ifacemacspoof_filter
best regards and thanks for all the replies,
G
More information about the Users
mailing list