[Xen-users] 'tap' VIF / vif-bridge / frob_iptables

[Sylvain Munaut <s.munaut@xxxxxxxxxxxxxxxxxxxx>]

Hi,


I just installed a Xen 4.4 and when trying out a HVM domain, I noticed
it didn't have connectivity. I narrowed this down to the iptables
rules not being added properly: They were added for vifX.Y interface
but not for the vifX.Y-emu interface.

I found this snipped in vif-bridge :

if [ "$type_if" = vif ]; then
    handle_iptable
fi


So it seems to only do the 'iptables' stuff for the VIF interface and
not the TAP one. And I'm not really sure what's the reasoning behing
this. I have FORWARD policy to DROP, so without this, the tap
interface can't exchange any packets.

Just modifying or removing this test is not sufficient however,
because in vif-common.sh, there is quite a bit of tests that rely on
"$command" == "online" tests which just don't work for tap interfaces
because the command is "add" and not "online" for those (not sure why
that is ...).

Fixing those tests to also accept "add" fixed my issue.


Is there a rationale behind the current behavior ? Am I the only one
to have encountered this issue ?



Cheers,

    Sylvain Munaut

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users