rpms/xen/devel xen-net-disable-bridge-by-default.patch, NONE, 1.1 xen-net-disable-iptables-on-bridge.patch, NONE, 1.1 xen.spec, 1.209, 1.210

Mark McLoughlin (markmc) fedora-extras-commits at redhat.com
Mon Feb 18 23:09:40 UTC 2008


Author: markmc

Update of /cvs/pkgs/rpms/xen/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23702

Modified Files:
	xen.spec 
Added Files:
	xen-net-disable-bridge-by-default.patch 
	xen-net-disable-iptables-on-bridge.patch 
Log Message:
* Mon Feb 18 2008 Mark McLoughlin <markmc at redhat.com> - 3.2.0-7.fc9
- Restore some network-bridge patches lost during 3.2.0 rebase


xen-net-disable-bridge-by-default.patch:

--- NEW FILE xen-net-disable-bridge-by-default.patch ---
Disable network-bridge script by default to avoid
NetworkManager conflict

diff -up xen-3.2.0/tools/examples/xend-config.sxp.disable-bridge-by-default xen-3.2.0/tools/examples/xend-config.sxp
--- xen-3.2.0/tools/examples/xend-config.sxp.disable-bridge-by-default	2008-02-18 22:35:26.000000000 +0000
+++ xen-3.2.0/tools/examples/xend-config.sxp	2008-02-18 22:53:37.000000000 +0000
@@ -140,7 +140,15 @@
 # two fake interfaces per guest domain.  To do things like this, write
 # yourself a wrapper script, and call network-bridge from it, as appropriate.
 #
-(network-script network-bridge)
+#####################################
+#
+# We assume NetworkManager is enabled by default & managing public
+# interfaces, including their bridge membership. Xen's networking
+# setup thus serves no useful purpose.
+(network-script /bin/true)
+# Only uncomment this if you are using legacy network init scripts. This 
+# will *NOT* play nicely with NetworkManager
+#(network-script network-bridge)
 
 # The script used to control virtual interfaces.  This can be overridden on a
 # per-vif basis when creating a domain or a configuring a new vif.  The
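Review bot: The "NB: Obsolete. See note above for LAPTOP USERS" lines added in the second hunk (above the network-route and network-nat examples) refer to a note that this hunk does not provide, because the `#####` banner added here has no heading and never mentions laptop users. Unless such a note exists in a part of the file outside these hunks, either give the banner a title, e.g. `# NOTE FOR LAPTOP USERS: NetworkManager manages the public interfaces`, or reword the two references to `# NB: Obsolete. See the NetworkManager note above.`. The new comment could also say that, with `(network-script /bin/true)`, xend presumably no longer creates a bridge, so the bridge that guests attach to has to come from the host's own network configuration.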
@@ -160,12 +168,14 @@
 
 ## Use the following if network traffic is routed, as an alternative to the
 # settings for bridged networking given above.
+# NB: Obsolete. See note above for LAPTOP USERS
 #(network-script network-route)
 #(vif-script     vif-route)
 
 
 ## Use the following if network traffic is routed with NAT, as an alternative
 # to the settings for bridged networking given above.
+# NB: Obsolete. See note above for LAPTOP USERS
 #(network-script network-nat)
 #(vif-script     vif-nat)
 

xen-net-disable-iptables-on-bridge.patch:

--- NEW FILE xen-net-disable-iptables-on-bridge.patch ---
We don't want the system's iptables filter/FORWARD
rules to apply to traffic on our bridge.

diff -up xen-3.2.0/tools/examples/xen-network-common.sh.disable-iptables-on-bridge xen-3.2.0/tools/examples/xen-network-common.sh
--- xen-3.2.0/tools/examples/xen-network-common.sh.disable-iptables-on-bridge	2008-01-16 18:34:59.000000000 +0000
+++ xen-3.2.0/tools/examples/xen-network-common.sh	2008-02-18 22:54:18.000000000 +0000
@@ -109,6 +109,13 @@ create_bridge () {
 	brctl addbr ${bridge}
 	brctl stp ${bridge} off
 	brctl setfd ${bridge} 0
+	# Setting these to zero stops guest<->LAN traffic
+	# traversing the bridge from hitting the *tables
+	# rulesets. guest<->host traffic still gets processed
+	# by the host's iptables rules so this isn't a hole
+	sysctl -q -w "net.bridge.bridge-nf-call-arptables=0"
+	sysctl -q -w "net.bridge.bridge-nf-call-ip6tables=0"
+	sysctl -q -w "net.bridge.bridge-nf-call-iptables=0"
     fi
 }
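Review bot: The three `net.bridge.bridge-nf-call-*` sysctls added in create_bridge are system-wide settings rather than per-bridge ones, so they turn off arptables/ip6tables/iptables processing for traffic on every bridge on the host, not just `${bridge}`. The comment's "this isn't a hole" holds only if nobody relies on filter/FORWARD rules to police bridged guest traffic. I would say so in the comment, e.g. `# NB: host-wide setting: FORWARD rules no longer see bridged traffic on any bridge`. The writes also sit inside a conditional whose opening is outside the hunk, so they appear to run only when this script creates the bridge itself. The vif-bridge hunk drops `handle_iptable` unconditionally, so a bridge created by some other means would leave guest traffic subject to the host's FORWARD policy with no per-vif rule. It is worth confirming that this case is intended.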
 
diff -up xen-3.2.0/tools/examples/vif-bridge.disable-iptables-on-bridge xen-3.2.0/tools/examples/vif-bridge
--- xen-3.2.0/tools/examples/vif-bridge.disable-iptables-on-bridge	2008-01-16 18:34:59.000000000 +0000
+++ xen-3.2.0/tools/examples/vif-bridge	2008-02-18 22:54:18.000000000 +0000
@@ -91,8 +91,6 @@ case "$command" in
         ;;
 esac
 
-handle_iptable
-
 log debug "Successful vif-bridge $command for $vif, bridge $bridge."
 if [ "$command" == "online" ]
 then


Index: xen.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xen/devel/xen.spec,v
retrieving revision 1.209
retrieving revision 1.210
diff -u -r1.209 -r1.210
--- xen.spec	6 Feb 2008 18:23:16 -0000	1.209
+++ xen.spec	18 Feb 2008 23:09:04 -0000	1.210
@@ -2,7 +2,7 @@
 
 # Always set these 3 tags
 %define base_version 3.2.0
-%define base_release 6
+%define base_release 7
 
 # Hypervisor ABI
 %define hv_abi  3.2
@@ -71,6 +71,9 @@
 Patch10: xen-disable-latex-docs.patch
 Patch13: xen-dumpdir.patch
 
+Patch14: xen-net-disable-bridge-by-default.patch
+Patch15: xen-net-disable-iptables-on-bridge.patch
+
 Patch36: xen-qemu-bootmenu.patch
 
 # Patches to modify the default config of xend
@@ -166,6 +169,8 @@
 %patch9 -p1
 %patch10 -p1
 %patch13 -p1
+%patch14 -p1
+%patch15 -p1
 
 %patch36 -p1
 
@@ -448,6 +453,9 @@
 %{_libdir}/*.a
 
 %changelog
+* Mon Feb 18 2008 Mark McLoughlin <markmc at redhat.com> - 3.2.0-7.fc9
+- Restore some network-bridge patches lost during 3.2.0 rebase
+
 * Wed Feb  6 2008 Daniel P. Berrange <berrange at redhat.com> - 3.2.0-6.fc9
 - Fixed xenstore-ls to automatically use xenstored socket as needed
 



