Skip to content
This repository has been archived by the owner on Aug 17, 2021. It is now read-only.

This hook adds MAC anti-spoofing functionality to libvirt

License

Notifications You must be signed in to change notification settings

s3rj1k/libvirt-anti-mac-spoof-hook

Repository files navigation

libvirt-anti-mac-spoof-hook

This hook adds MAC anti-spoofing functionality to libvirt

Docs:

Install:

  • copy qemu to /etc/libvirt/hooks/qemu
  • restart libvirt daemon systemctl restart libvirtd

Debug:

virsh dumpxml vm1 | DEBUG=true ./qemu vm1 prepare begin -
virsh dumpxml vm1 | DEBUG=true ./qemu vm1 stopped end -

Logging:

  • /var/log/libvirt/qemu/qemu-hook.log

XML inside virsh edit:

<domain>
...
  <metadata>
    <my:custom xmlns:my="abe43f05-b1b3-4dd2-ad47-b31967e45413">
      <my:network mac_address="52:54:00:9a:c9:01" parent_device="vlan220"/>
    </my:custom>
  </metadata>
...
</domain>

XML inside Domain description from libvirt-go-xml:

<my:custom xmlns:my=\"abe43f05-b1b3-4dd2-ad47-b31967e45413\"><my:network mac_address=\"52:54:00:9a:c9:01\" parent_device=\"vlan220\"/></my:custom>

Manual workflow inside hypervisor node:

ip link add link vlan220 name ifh-9ac901 type macvlan mode source
ip link set link dev ifh-9ac901 type macvlan macaddr set 52:54:00:34:e5:01
ip -d link show dev ifh-9ac901

Chnage MAC inside VM, security check:

ip link set dev ens2 address 52:54:00:9a:c9:ff

XML inside Libvirt Domain:

<domain>
  ...
  <devices>
    ...
    <interface type='direct'>
      <mac address='52:54:00:9a:c9:01'/>
      <source dev='ifh-9ac901' mode='bridge'/>
      <target dev='ifl-9ac901'/>
      <model type='virtio'/>
    </interface>
    ...
  </devices>
...
</domain>

About

This hook adds MAC anti-spoofing functionality to libvirt

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published