WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --phy

from [Ian Jackson] [Permanent Link][Original]
To: Sander Eikelenboom <linux@xxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore
From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date: Tue, 9 Nov 2010 16:53:19 +0000
Cc: "Xen-devel@xxxxxxxxxxxxxxxxxxx" <Xen-devel@xxxxxxxxxxxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Delivery-date: Tue, 09 Nov 2010 08:54:15 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4010012490.20101108235313@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Newsgroups: chiark.mail.xen.devel
References: <4010012490.20101108235313@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Sander Eikelenboom writes ("[Xen-devel] [PATCH] vif-common.sh prevent physdev 
match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for 
non-bridged traffic is not supported anymore"):
> -  iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT \
> +  iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-in "$vif" 
> "$@" -j ACCEPT \

This will break on earlier iptables and/or earlier kernels.

Is there a way to detect whether --physdev-is-bridged is going to work ?

We could grep the output from iptables but is that sufficient ?  I
guess we may need to check for kernel behaviour too somehow.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [PATCH] Fix pci passthru in xend interface used by libvirt [and 1 more messages], Ian Jackson
Next by Date:  Re: [Xen-devel] [xen-4.0-testing test] 2589: regressions - FAIL, Ian Jackson
Previous by Thread:  Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore, Teck Choon Giam
Next by Thread:  Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore, Sander Eikelenboom
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy