[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-API] XCP: ip restriction is completely broken for xenbr1, xenbr2, etc.


  • To: xen-api@xxxxxxxxxxxxx
  • From: George Shuklin <george.shuklin@xxxxxxxxx>
  • Date: Tue, 18 Dec 2012 18:24:48 +0400
  • Delivery-date: Tue, 18 Dec 2012 14:25:00 +0000
  • List-id: User and development list for XCP and XAPI <xen-api.lists.xen.org>

I found some kind of horrible bug in XCP 1.6.

After looking to src on github (master branch) I found it still there.

Way to reproduce:

create vif with device=15 (or any other >0).
set up locking-mode=locked
set up some ipv4-allowed.

xe vif-plug ....

expected result: rules for OVS applied to xenbr, corresponding to vif network's bridge.

actual result: device number (15) is is used as bridge number (xenbr15!).

I done some source code review:
Dec 18 18:17:54 rvc2-xh43 python: /opt/xensource/libexec/setup-vif-rules[8505] - Called with vif_type=vif, domid=1, devid=15, network_mode=openvswitch, action=filter

devid=15 <- WRONG

It use vif id from xenstore instead of proper 'bridge' field from network object.




_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.