Xen project Mailing List

RE: [Xen-devel] [PATCH] Re: network-bridge scriptbreaks networkconnectivity

To: "Herbert Xu" <herbert@xxxxxxxxxxxxxxxxxxx>, "Luciano Miguel Ferreira Rocha" <strange@xxxxxxxxxxxxx>

From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>

Date: Tue, 11 Jul 2006 18:51:57 +0100

Cc: xen-devel@xxxxxxxxxxxxxxxxxxx

Delivery-date: Tue, 11 Jul 2006 10:52:36 -0700

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Thread-index: Acak1Zw9lteIz2PsTaCeBqQ2MQC4hgAPI3hw

Thread-topic: [Xen-devel] [PATCH] Re: network-bridge scriptbreaks networkconnectivity

> Luciano Miguel Ferreira Rocha <strange@xxxxxxxxxxxxx> wrote: > > > >> The interaction with host firewall rules has always been a bit icky, not > >> least because the xen network scripts typically run after the host's > >> firewall scripts (and rename the network device). I've never understood > >> what happens to the firewall rules - do they stay with the old eth0 (now > >> peth0) or do they now apply to the new device name? > > > > IIRC, interface names in iptables rules are symbolic, so eth0 means what > > currently stands for eth0. > > Correct. Only the interface name is compared. Just to be doubly clear, do you mean that the name is compared at the time the rule is submitted, or at the time it is evaluated? I presume the former? In which case, it will end up referring to peth0 rather than eth0 because the rename happens after the rules are submitted. If the latter, is there a per-packet strcmp or is there some clever caching? Thanks, Ian _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.