WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-4.0-testing] tools/hotplug/Linux: Avoid dependency on iptables conntrack module.
From: "Xen patchbot-4.0-testing" <patchbot-4.0-testing@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 23 Dec 2010 11:35:29 -0800
Delivery-date: Thu, 23 Dec 2010 11:38:00 -0800
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir@xxxxxxx>
# Date 1292602434 0
# Node ID af7110f4f80307413cec60ae4191d6863ba1b540
# Parent  8d8c8886e8d5949668de9d3f7be7c751ca18335f
tools/hotplug/Linux: Avoid dependency on iptables conntrack module.

Checking for RELATED,ESTABLISHED traffic being sent to a domU requires
connection tracking, which adds unexpected (to most users) load to
dom0. Heavily loaded systems can fill the conntrack tables.

So avoid this, be more liberal in what we accept, and leave it to domU
to police its own input.

Signed-off-by: Keir Fraser <keir@xxxxxxx>
xen-unstable changeset:   22573:ff1b80ccecd9
xen-unstable date:        Fri Dec 17 16:12:37 2010 +0000

tools/hotplug/Linux: supply --physdev-is-bridged in iptables runes

With newer (pvops) kernels logs get flooded with this iptables
warning: physdev match: using --physdev-out in the OUTPUT, FORWARD and
POSTROUTING chains for non-bridged traffic is not supported anymore

Using the --physdev-is-bridged option prevents this.
See also: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571634#10

Signed-off-by: Sander Eikelenboom <linux@xxxxxxxxxxxxxx>
Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
xen-unstable changeset:   22385:b0fe8260cefa
xen-unstable date:        Wed Nov 10 14:37:19 2010 +0000
---
 tools/hotplug/Linux/vif-common.sh |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff -r 8d8c8886e8d5 -r af7110f4f803 tools/hotplug/Linux/vif-common.sh
--- a/tools/hotplug/Linux/vif-common.sh Fri Dec 17 14:17:31 2010 +0000
+++ b/tools/hotplug/Linux/vif-common.sh Fri Dec 17 16:13:54 2010 +0000
@@ -73,10 +73,10 @@ frob_iptable()
     local c="-D"
   fi
 
-  iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT \
-    2>/dev/null &&
-  iptables "$c" FORWARD -m state --state RELATED,ESTABLISHED -m physdev \
-    --physdev-out "$vif" -j ACCEPT 2>/dev/null
+  iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-in "$vif" \
+    "$@" -j ACCEPT 2>/dev/null &&
+  iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-out "$vif" \
+    -j ACCEPT 2>/dev/null
 
   if [ "$command" == "online" -a $? -ne 0 ]
   then
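Review bot: Dropping `-m state --state RELATED,ESTABLISHED` from the second rule (`+  iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-out "$vif" \` / `+    -j ACCEPT 2>/dev/null`) changes the dom0 FORWARD policy for this vif from "accept only replies to connections the guest initiated" to "accept any bridged frame addressed to the guest", so unsolicited inbound traffic now reaches the domU unless the guest filters it itself. The commit message says this is intended, but it is a silent relaxation of the default for anyone who relied on the old behaviour; a short comment in frob_iptable() stating that inbound filtering is now the guest's responsibility (and that the remaining `"$@"` matches only constrain traffic leaving the vif) would make the new contract visible to administrators reading the hotplug script. The `$?` check in the unchanged `if [ "$command" == "online" -a $? -ne 0 ]` still sees the status of the second iptables call, which is fine, but the `--physdev-is-bridged` match means both rules now only apply to bridged traffic, so any non-bridged vif setup that shares this function silently gets no rule at all rather than an error.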

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
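The commit replaces rules that use `--physdev-out` without `--physdev-is-bridged` (the form newer kernels warn about) and removes the conntrack state match. The following audit script is an added example, not part of the Xen patch or the hotplug scripts: it parses `iptables -S FORWARD` style output and flags both rule forms, using a constructed rule list embedded inline so it runs without iptables or root. The function names and sample vif names are assumptions.

```shell
#!/bin/sh
# Added example (not from the Xen patch): audit FORWARD rules for the two
# forms this commit removes. Input is text in `iptables -S FORWARD` format;
# a constructed sample is embedded so the script runs offline.

# Constructed sample: vif1.0 uses the old form (physdev-out without
# --physdev-is-bridged, plus a conntrack state match); vif2.0 uses the new one.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -m physdev --physdev-in vif1.0 -s 192.0.2.10 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -m physdev --physdev-out vif1.0 -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged --physdev-in vif2.0 -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged --physdev-out vif2.0 -j ACCEPT'

# Print every rule that matches --physdev-out without --physdev-is-bridged
# (the form that makes newer kernels log the "physdev match" warning).
# Exit status is 1 if at least one such rule exists, 0 if none.
find_unbridged_physdev_out() {
    printf '%s\n' "$1" | awk '
        /--physdev-out/ && !/--physdev-is-bridged/ { print; found = 1 }
        END { exit found ? 1 : 0 }'
}

# Count rules that still depend on connection tracking (-m state or
# -m conntrack), the dependency the commit removes from dom0.
count_conntrack_rules() {
    printf '%s\n' "$1" | grep -c -e '-m state' -e '-m conntrack'
}

if find_unbridged_physdev_out "$SAMPLE_RULES"; then
    echo "all --physdev-out rules carry --physdev-is-bridged"
else
    echo "rules above need --physdev-is-bridged"
fi
echo "conntrack-dependent rules: $(count_conntrack_rules "$SAMPLE_RULES")"
```

On a real dom0 the sample would be replaced by `$(iptables -S FORWARD)`; a non-zero conntrack count or any printed rule means the host still carries the old rule forms.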
