WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --phy

from [Sander Eikelenboom] [Permanent Link][Original]
To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore
From: Sander Eikelenboom <linux@xxxxxxxxxxxxxx>
Date: Tue, 9 Nov 2010 19:29:07 +0100
Cc: "Xen-devel@xxxxxxxxxxxxxxxxxxx" <Xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Delivery-date: Tue, 09 Nov 2010 10:29:52 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <19673.31871.224226.14651@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Eikelenboom IT services
References: <4010012490.20101108235313@xxxxxxxxxxxxxx> <19673.31871.224226.14651@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Tuesday, November 9, 2010, 5:53:19 PM, you wrote:

> Sander Eikelenboom writes ("[Xen-devel] [PATCH] vif-common.sh prevent physdev 
> match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for 
> non-bridged traffic is not supported anymore"):
>> -  iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT \
>> +  iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-in "$vif" 
>> "$@" -j ACCEPT \

> This will break on earlier iptables and/or earlier kernels.

> Is there a way to detect whether --physdev-is-bridged is going to work ?

> We could grep the output from iptables but is that sufficient ?  I
> guess we may need to check for kernel behaviour too somehow.

Good point, although I don't have a config with an old enough iptables/kernel 
to test what happens in that case ..
The option should be available from before 2008 
(http://ipset.netfilter.org/iptables.man.html) though.


> Ian.



-- 
Best regards,
 Sander                            mailto:linux@xxxxxxxxxxxxxx


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [PATCH] xend: drbd improvements, Ian Jackson
Next by Date:  Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore, Ian Jackson
Previous by Thread:  Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore, Ian Jackson
Next by Thread:  Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore, Ian Jackson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy