[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-API] XCP: ip restriction is completely broken for xenbr1, xenbr2, etc.

To: xen-api@xxxxxxxxxxxxx
From: George Shuklin <george.shuklin@xxxxxxxxx>
Date: Tue, 18 Dec 2012 18:24:48 +0400
Delivery-date: Tue, 18 Dec 2012 14:25:00 +0000
List-id: User and development list for XCP and XAPI <xen-api.lists.xen.org>

I found some kind of horrible bug in XCP 1.6.

After looking to src on github (master branch) I found it still there.

Way to reproduce:

create vif with device=15 (or any other >0).
set up locking-mode=locked
set up some ipv4-allowed.

xe vif-plug ....

expected result: rules for OVS applied to xenbr, corresponding to vifnetwork's bridge.


actual result: device number (15) is is used as bridge number (xenbr15!).

I done some source code review:

Dec 18 18:17:54 rvc2-xh43 python:/opt/xensource/libexec/setup-vif-rules[8505] - Called with vif_type=vif,domid=1, devid=15, network_mode=openvswitch, action=filter


devid=15 <- WRONG

It use vif id from xenstore instead of proper 'bridge' field fromnetwork object.





_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api

Prev by Date: [Xen-API] Creating an SR from an already mounted moosefs share
Next by Date: [Xen-API] Poor xapi Performance Exporting/Importing VM's on XCP 1.6
Previous by thread: [Xen-API] Creating an SR from an already mounted moosefs share
Next by thread: [Xen-API] Poor xapi Performance Exporting/Importing VM's on XCP 1.6
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.