WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] physdev match: using --physdev-out in the OUTPUT, FORWARD an

from [James Harper] [Permanent Link][Original]
To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date: Fri, 3 Sep 2010 10:06:26 +1000
Delivery-date: Thu, 02 Sep 2010 17:07:18 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: ActK+9m4909U7dnmQ3y4JWpow0rHRQ==
Thread-topic: physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore. 
I see lots and lots of " physdev match: using --physdev-out in the
OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not
supported anymore." in the kernel logs. You can turn off some of the
iptables stuff by turning off antispoofing but the stuff in
vif-common.sh is not under admin control.

Not tested, but I think something like this might be required to make it
work better:

---
/usr/local/src/xen-4.0-testing.hg/dist/install/etc/xen/scripts/vif-commo
n.sh        2010-08-25 22:05:47.000000000 +1000
+++ vif-common.sh       2010-09-03 10:05:03.316931684 +1000
@@ -66,6 +66,11 @@

 frob_iptable()
 {
+  if [ `cat /proc/sys/net/bridge/bridge-nf-call-iptables` != "1" ]
+  then
+    # bridge packets not going through iptables
+    return
+  fi
   if [ "$command" == "online" ]
   then
     local c="-I"

James

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Re: [RFC] tmem ABI change... backwards compatibility unnecessary?, Jeremy Fitzhardinge
Next by Date:  [Xen-devel] BUG: soft lockup - CPU#1 stuck for 61s! [udevd:4865], James Harper
Previous by Thread:  Re: [Xen-devel] [PATCH] blkfront: Move blkif_interrupt into a tasklet., Jeremy Fitzhardinge
Next by Thread:  Re: [Xen-devel] physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore., Olaf Hering
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy