
[Xen-devel] physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.


  • To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
  • Date: Fri, 3 Sep 2010 10:06:26 +1000
  • Delivery-date: Thu, 02 Sep 2010 17:07:18 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: ActK+9m4909U7dnmQ3y4JWpow0rHRQ==
  • Thread-topic: physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.

I see lots and lots of "physdev match: using --physdev-out in the
OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not
supported anymore." in the kernel logs. You can turn off some of the
iptables stuff by turning off antispoofing, but the stuff in
vif-common.sh is not under admin control.

Not tested, but I think something like this might be required to make it
work better:

---
/usr/local/src/xen-4.0-testing.hg/dist/install/etc/xen/scripts/vif-commo
n.sh        2010-08-25 22:05:47.000000000 +1000
+++ vif-common.sh       2010-09-03 10:05:03.316931684 +1000
@@ -66,6 +66,11 @@

 frob_iptable()
 {
+  if [ `cat /proc/sys/net/bridge/bridge-nf-call-iptables` != "1" ]
+  then
+    # bridge packets not going through iptables
+    return
+  fi
   if [ "$command" == "online" ]
   then
     local c="-I"
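
Review bot: the new test at the top of frob_iptable() leaves the backtick substitution unquoted, so when /proc/sys/net/bridge/bridge-nf-call-iptables is missing or unreadable the `[` is left with `!= "1"` and no left operand, exits with an error, and the function falls through to the iptables calls instead of returning. Quote the substitution and silence cat, for example `[ "$(cat /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null)" != "1" ]`, which also makes the missing-file case take the early return. The return is also placed before the `"$command" == "online"` branch, so it applies to the non-online path as well: if the sysctl is switched while a guest is up, a rule inserted with `-I` at online time is never touched again. Finally, the return is silent; since it means no per-vif rule is installed, a log message at that point would let the admin see that filtering is not in effect for the interface.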

James
