This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-users] dom0 can see connections from domU-s

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] dom0 can see connections from domU-s
From: Deyan Chepishev <dchepishev@xxxxxxxxx>
Date: Tue, 25 Aug 2009 01:48:51 +0300
Delivery-date: Mon, 24 Aug 2009 15:49:38 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20090710 Fedora/1.1.17-1.fc11 SeaMonkey/1.1.17

I have a little problem.

I can see all the guest (domU) connections in dom0's /proc/net/ip_conntrack. As you can imagine, the conntrack table starts to get filled when lots of connections are made on domU machines. Is there a way to stop this behavior?

My config is:
OS: Centos 5.3
XEN: xen-3.3.1-0 manually compiled from gitco's SRPMS
Kernel: 2.6.18-128.4.1.el5xen on both dom0 and domU

I have had exactly the same problem before, but it disappeared after I manually compiled kernel 2.6.18 with Xen patches. However, I need a more up-to-date kernel now and want to use the Xen kernel from CentOS.

I need help if someone knows how I can prevent this from happening.

Thank you

