Re: [Xen-users] 'tap' VIF / vif-bridge / frob_iptables
On Mon, 2014-05-12 at 17:37 +0200, Sylvain Munaut wrote:
> Hi,
>
> I just installed a Xen 4.4 and when trying out a HVM domain, I noticed
> it didn't have connectivity. I narrowed this down to the iptables
> rules not being added properly: They were added for vifX.Y interface
> but not for the vifX.Y-emu interface.
>
> I found this snippet in vif-bridge :
>
>   if [ "$type_if" = vif ]; then
>       handle_iptable
>   fi
>
> So it seems to only do the 'iptables' stuff for the VIF interface and
> not the TAP one. And I'm not really sure what's the reasoning behind
> this. I have FORWARD policy to DROP, so without this, the tap
> interface can't exchange any packets.

Did this ever use to work for emulated devices?

It used to be (several releases ago) that the emulated devices weren't
even configured by this same script (it was /etc/qemu-ifup or something I
think). The patch which made emulated devices use block-* instead went
into 4.1.0 from the looks of things and it was the same patch which
added the above handle_ip check.

> Just modifying or removing this test is not sufficient however,
> because in vif-common.sh, there is quite a bit of tests that rely on
> "$command" == "online" tests which just don't work for tap interfaces
> because the command is "add" and not "online" for those (not sure why
> that is ...).

The two drivers (netback.ko, tap.ko) use different event names, due to
some sort of historical accident I think.

> Fixing those tests to also accept "add" fixed my issue.

This was the correct thing to do I think.

> Is there a rationale behind the current behavior ? Am I the only one
> to have encountered this issue ?

You seem to be the first to be mentioning it at least...

AFAICT your analysis is correct and there is no reason not to do this
setup for emulated devices too. If you have a fix then please submit a
patch: http://wiki.xen.org/wiki/Submitting_Xen_Patches

Ian.
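A diagnostic for the symptom discussed in this thread, as an added example that is not part of the original messages or of the Xen hotplug scripts: with the FORWARD policy set to DROP, it lists guest interfaces that lack a per-device ACCEPT rule. The physdev rule layout, the function names and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: `iptables -S FORWARD` output on a dom0 where only the
# PV interface vif1.0 received its rules (the situation described above).
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -m physdev --physdev-in vif1.0 --physdev-is-bridged -j ACCEPT
-A FORWARD -m physdev --physdev-out vif1.0 --physdev-is-bridged -j ACCEPT'

# Constructed sample: guest interfaces attached to the bridge.
SAMPLE_IFACES='vif1.0 vif1.0-emu'

# forward_policy RULES -> prints the FORWARD chain policy (ACCEPT or DROP).
forward_policy() {
    printf '%s\n' "$1" | awk '$1 == "-P" && $2 == "FORWARD" { print $3 }'
}

# has_rule RULES DIRECTION IFACE -> succeeds if an ACCEPT rule names IFACE
# for the given physdev direction (in|out). The comparison is an exact
# field match, so a rule for vif1.0 does not count as covering vif1.0-emu.
has_rule() {
    printf '%s\n' "$1" | awk -v opt="--physdev-$2" -v dev="$3" '
        $1 == "-A" && $2 == "FORWARD" && $NF == "ACCEPT" {
            for (i = 3; i < NF; i++)
                if ($i == opt && $(i + 1) == dev) found = 1
        }
        END { exit !found }'
}

# uncovered_ifaces RULES IFACES -> prints each interface that is missing an
# inbound or outbound rule. Prints nothing unless the policy is DROP, since
# only then does a missing rule cut the guest off.
uncovered_ifaces() {
    [ "$(forward_policy "$1")" = "DROP" ] || return 0
    for dev in $2; do
        if ! has_rule "$1" in "$dev" || ! has_rule "$1" out "$dev"; then
            printf '%s\n' "$dev"
        fi
    done
}

uncovered_ifaces "$SAMPLE_RULES" "$SAMPLE_IFACES"
```

On a live dom0 the first argument would be the output of `iptables -S FORWARD` and the second the names of the guest interfaces on the bridge.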