<tt>Eric Blake <eblake@redhat.com> wrote on 01/16/2013 07:48:17 PM: > From: Eric Blake <eblake@redhat.com></tt> <tt>> To: Reinier Schoof <reinier@transip.nl>, </tt> <tt>> Cc: libvir-list@redhat.com, Stefan Berger/Watson/IBM@IBMUS</tt> <tt>> Date: 01/16/2013 07:49 PM</tt> <tt>> Subject: Re: [libvirt] iptables --physdev-out warnings</tt> <tt>> > On 01/16/2013 03:23 AM, Reinier Schoof wrote: > > > > I patched the libvirt source (version 1.0.0) to test whether this works > > or not: > > --- src/nwfilter/nwfilter_ebiptables_driver.c.orig 2013-01-16 > > 10:51:43.000000000 +0100 > > +++ src/nwfilter/nwfilter_ebiptables_driver.c 2013-01-16 > > 10:52:07.000000000 +0100 > > @@ -166,7 +166,7 @@ > > snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname) > > > > #define PHYSDEV_IN "--physdev-in" > > -#define PHYSDEV_OUT "--physdev-out" > > +#define PHYSDEV_OUT "--physdev-is-bridged --physdev-out" > > > > Thanks for the report, and also for a quick patch attempt. > > > The warnings in /var/log/messages are gone and running the test again > > proved the 100th VM started in 3.8 seconds. It suprises me I'm the first > > to mention this problem on the libvirt mailing list and I wondering if > > I'm doing something wrong. Until then, this fix helps me a lot! > > I took a look on RHEL 5.9, to see if --physdev-is-bridged was supported > in iptables that old (1.3.5). It appears to be listed there, so you are > in luck. > > It would be nice if you can convert this to a formal git patch > submission (see </tt><a href=http://libvirt.org/hacking.html><tt>http://libvirt.org/hacking.html</tt></a><tt>); but if you are not > comfortable doing that, we can help. I'd like to see if Laine or Stefan > have any comments; but if they don't reject this in another day or two, > I have no problems going ahead and applying it.</tt> <tt>It looks good to me. please go ahead.</tt> <tt>Regards,</tt> <tt> Stefan</tt> <tt> </tt>