WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] [SOLVED] Error: Device 0 (vif) could not be connected. H

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] [SOLVED] Error: Device 0 (vif) could not be connected. Hotplug scripts not working.
From: "Olivier B." <xen.list@xxxxxxxxx>
Date: Wed, 24 Feb 2010 19:51:29 +0100
Delivery-date: Wed, 24 Feb 2010 10:52:54 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4B856AE3.8000202@xxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4B62F12E.906@xxxxxxxxx> <20100201073038.GS2861@xxxxxxxxxxx>, <4B79FEC4.9090900@xxxxxxxxx> <4B7BE5EA.3060207@xxxxxxxxx>, <20100217135517.GY2861@xxxxxxxxxxx> <4B7BFB58.7030904@xxxxxxxxx>, <20100217172448.GF2861@xxxxxxxxxxx>, <4B85059A.6060004@xxxxxxxxx> <BAY107-W228AC9F867FA461F2DFEBAEF410@xxxxxxx> <4B854593.7010803@xxxxxxxxx> <4B856AE3.8000202@xxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.7) Gecko/20100204 Icedove/3.0.1
On 24/02/2010 19:07, Olivier B. wrote:
So, the winner is "CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m".
If I don't compile at all this module, all works fine.

Any idea why this module seem to be incompatible with my setup ?

If I put "xt_physdev" in /etc/modprobe.d/blacklist, it also works.
So I suppose it's a bug in the debian bridge script.


If I don't blacklist the module, I only see this rule in FORWARD :

Chain FORWARD (policy ACCEPT 202 packets, 32632 bytes)
pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vif5.0

And it doesn't start. I obtain "Error: Device 0 (vif) could not be connected. Hotplug scripts not working." after 100 seconds.

But if I comment this four lines in /etc/xen/scripts/vif-common.sh, FORWARD stay empty, and DomU starts.
>  iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT \
>    2>/dev/null &&
>  iptables "$c" FORWARD -m state --state RELATED,ESTABLISHED -m physdev \
>    --physdev-out "$vif" -j ACCEPT 2>/dev/null

Also, if I let the FORWARD rule and start the DomU, it wait until the 100 seconds timeout _OR_ I flush the FORWARD rules.

What is the role of this netfilter rule ? Without that it seems to work well...

Olivier


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users