[ovirt-users] Ip spoofing

Dan Kenigsberg danken at redhat.com
Wed Jun 25 07:57:23 UTC 2014


On Wed, Jun 25, 2014 at 10:16:12AM +0800, Punit Dambiwal wrote:
> Hi Dan,
> 
> I try the following way :-
> 
> 1. I placed your script in the following location
> :- /usr/libexec/vdsm/hooks/before_device_create/50_noipspoof &
> /usr/libexec/vdsm/hooks/before_nic_hotplug/50_noipspoof
> 
> 2. Then run this command on the ovirt-engine server (engine-config -s
> "UserDefinedVMProperties=noipspoof=^[0-9.]*$")
> 3. After that stop the VM and set a custom property named "noipspoof" with
> ip 10.10.10.6.
> 4. Run the VM and login via ssh,configure another ethernet with eth0:0 with
> the ip address 10.10.10.9
> 5. From another VM with ip 10.10.10.5 i can able to ping 10.10.10.9....
> 
> One strange thing is in VM xml still the filter is "vdsm-no-mac-spoofing"
> instead of "noipspoof"
> 
> ----------------
>  <interface type='bridge'>
>       <mac address='00:1a:4a:81:80:09'/>
>       <source bridge='private'/>
>       <target dev='vnet0'/>
>       <model type='virtio'/>
>       <filterref filter='vdsm-no-mac-spoofing'/>
>       <link state='up'/>
>       <alias name='net0'/>
>       <address type='pci' domain='0x0000' bus='0x00' slot='0x05'
> function='0x0'/
>                                     >
> ----------------
> 
> Please let me know if i am wrong here....

I can try to help you debug the issue. Could you attach vdsm.log from
the vmCreate command to the place where the VM turns to "Up"?

Can you verify that
/usr/libexec/vdsm/hooks/before_device_create/50_noipspoof is executable
to the vdsm user?

Dan.



More information about the Users mailing list