[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore

To: Sander Eikelenboom <linux@xxxxxxxxxxxxxx>
From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date: Tue, 9 Nov 2010 16:53:19 +0000
Cc: "Xen-devel@xxxxxxxxxxxxxxxxxxx" <Xen-devel@xxxxxxxxxxxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Delivery-date: Tue, 09 Nov 2010 08:54:15 -0800
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Sander Eikelenboom writes ("[Xen-devel] [PATCH] vif-common.sh prevent physdev 
match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for 
non-bridged traffic is not supported anymore"):
> -  iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT \
> +  iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-in "$vif" 
> "$@" -j ACCEPT \

This will break on earlier iptables and/or earlier kernels.

Is there a way to detect whether --physdev-is-bridged is going to work ?

We could grep the output from iptables but is that sufficient ?  I
guess we may need to check for kernel behaviour too somehow.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore
  - From: Sander Eikelenboom

References:
- [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore
  - From: Sander Eikelenboom

Prev by Date: Re: [Xen-devel] [PATCH] Fix pci passthru in xend interface used by libvirt [and 1 more messages]
Next by Date: Re: [Xen-devel] [xen-4.0-testing test] 2589: regressions - FAIL
Previous by thread: Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore
Next by thread: Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.