[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] dom0 can see connections from domU-s

  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Deyan Chepishev <dchepishev@xxxxxxxxx>
  • Date: Tue, 25 Aug 2009 01:48:51 +0300
  • Delivery-date: Mon, 24 Aug 2009 15:49:38 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; b=ND21ZGqWI5wBpuPaEttfCVIwqWANIodWFgX/xQhofTY4+tws0AW5rtsfETQdYV1hlF Q2cLki2ewzgeGcBoVb8SLs0nvRE7jIq1S5lO0mbQU5u6tEhbx9dDR+rwvITKsSmG4Pac hRX3y7+MBWkOxhhGv0LSppDF2iy+Loh21nAv8=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>


I have a little problem.

I can see all the guest (domU) connections in dom0's /proc/net/ip_conntrack. As you can imagine the conntrack table starts to get filled when lots of connections are made on domU machines. Is there a way to stop this behavior?

My config is:
OS: Centos 5.3
XEN: xen-3.3.1-0 manually compiled from gitco's SRPMS
Kernel: 2.6.18-128.4.1.el5xen on bot dom0 and domU

I have had exactly the same problem before, but it disappeared after I manually compiled kernel 2.6.18 with xen patches. However I need an more up to date kernel now and want to use xen kernel from centos.

I need help if someone know how can I prevent this from happening.

Thank you


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.