WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [adrian@xxxxxxxxxxxxxxx: [Xen-users] vif-common.sh, anti

from [Ewan Mellor] [Permanent Link][Original]
To: Adrian Chadd <adrian@xxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [adrian@xxxxxxxxxxxxxxx: [Xen-users] vif-common.sh, antispoof and multiple ips w/ ip=]
From: Ewan Mellor <ewan@xxxxxxxxxxxxx>
Date: Tue, 21 Nov 2006 15:01:53 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 21 Nov 2006 07:02:01 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20061121124944.GC14185@xxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20061121124944.GC14185@xxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.9i 
On Tue, Nov 21, 2006 at 08:49:44PM +0800, Adrian Chadd wrote:

> I'm running Xen w/ bridges and antispoof. I found this in vif-common.sh:
> 
>   if [ "$ip" != "" ]
>   then
>       local addr
>       for addr in "$ip"
>       do
>         frob_iptable -s "$addr"
>       done
> 
>       # Always allow the domain to talk to a DHCP server.
>       frob_iptable -p udp --sport 68 --dport 67
>   else
>       # No IP addresses have been specified, so allow anything.
>       frob_iptable
>   fi
> 
> This works fine for one IP in the vif config but I can't figure out how to 
> coax
> it into >1 IP like the for addr loop suggests. It always treats "$ip" as one
> entry and passes $addr as the whole IP string, not each IP.
> 
> Here's an example:
> 
> vif = [ 'bridge=xenbr0,ip=a.b.c.25 a.b.c.26 a.b.c.27 a.b.c.28' ]
> 
> If I remove the ""'s around $ip then addr is passed individual IPs from that 
> list
> and iptables is setup appropriately.
> 
> Is this the correct solution?

Yes, I think so; I'll put a patch in.

Thanks,

Ewan.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-devel] Trivial patch to fix logging level output by XendCheckpoint.py, Graham, Simon
Next by Date:  Re: [Xen-devel] Trivial patch to fix logging level output by XendCheckpoint.py, Daniel P. Berrange
Previous by Thread:  [Xen-devel] [adrian@xxxxxxxxxxxxxxx: [Xen-users] vif-common.sh, antispoof and multiple ips w/ ip=], Adrian Chadd
Next by Thread:  Re: [Xen-devel] [adrian@xxxxxxxxxxxxxxx: [Xen-users] vif-common.sh, antispoof and multiple ips w/ ip=], Adrian Chadd
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy