[libvirt] [PATCH 1/3] Only check for IP forwarding, do not enable it
Laine Stump
laine at laine.org
Mon Oct 15 16:30:32 UTC 2012
On 10/15/2012 12:04 PM, Cole Robinson wrote:
> On 10/15/2012 10:54 AM, Michal Privoznik wrote:
>> On 15.10.2012 12:26, Benjamin Cama wrote:
>>>
>>> static int
>>> networkSetIPv6Sysctls(virNetworkObjPtr network)
>>> @@ -2140,11 +2172,9 @@ networkStartNetworkVirtual(struct network_driver *driver,
>>> if (virNetDevSetOnline(network->def->bridge, 1) < 0)
>>> goto err2;
>>>
>>> - /* If forwardType != NONE, turn on global IP forwarding */
>>> + /* If forwardType != NONE, check for IP forwarding */
>>> if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE &&
>>> - networkEnableIpForwarding(v4present, v6present) < 0) {
>>> - virReportSystemError(errno, "%s",
>>> - _("failed to enable IP forwarding"));
>>> + networkCheckIpForwarding(v4present, v6present) < 0) {
>>> goto err3;
>>> }
>>>
>>>
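Review bot: in the `forwardType != VIR_NETWORK_FORWARD_NONE` branch, the virReportSystemError() call is removed together with the enable call, so the `goto err3` path no longer reports anything at this call site. networkCheckIpForwarding() therefore has to raise its own error, and it should say which of v4present/v6present failed the check; otherwise the network start fails without telling the admin that forwarding is off. Because a failed check still aborts startup here, the commit message should also say that hosts which relied on libvirt turning forwarding on will now fail to start these networks.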
>> Well, I am not sure if we can do this. What would happen if some of our
>> users rely on this already? I mean, it's been there for ages.
>>
>> Michal
> Indeed this kinda defeats the purpose of the default virtual network that
> should 'just work' out of the box. Maybe we could add some libvirtd.conf
> option to enable this check-if-set behavior, but we can't change the default here.
We've had this discussion before:
http://www.redhat.com/archives/libvir-list/2010-October/msg00030.html
and in particular this response:
http://www.redhat.com/archives/libvir-list/2010-October/msg00183.html
In the end, the presence of a network with a forward mode that requires
L3 packet forwarding indicates tacit approval for ip_forward to be
turned on. The problem in the past has been that the default network
(which has <forward mode='nat'>) was a part of *all* libvirt installs.
That is now separated into its own sub-package, though.
So, the "config option" is to simply not install the default network (or
to remove it if it's there).
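An added example, not part of the original message or of libvirt's code: a read-only audit that compares the host's ip_forward setting with the defined networks whose forward mode needs L3 forwarding. The mode set (nat, route), the function names and the fixture layout are assumptions made for this example, and only IPv4 is covered.

```python
import glob
import os
import tempfile
import xml.etree.ElementTree as ET

# Assumption: only these forward modes need the host to route at L3.
L3_MODES = {"nat", "route"}

def networks_needing_forwarding(xml_dir):
    """Names of defined networks whose <forward> mode needs ip_forward."""
    names = []
    for path in sorted(glob.glob(os.path.join(xml_dir, "*.xml"))):
        root = ET.parse(path).getroot()
        fwd = root.find("forward")
        # A <forward> element with no mode attribute defaults to NAT.
        if fwd is not None and fwd.get("mode", "nat") in L3_MODES:
            names.append(root.findtext("name", default=os.path.basename(path)))
    return names

def ipv4_forwarding_enabled(proc_root="/proc"):
    """Read the sysctl; never write it (check only, as the patch proposes)."""
    with open(os.path.join(proc_root, "sys/net/ipv4/ip_forward")) as f:
        return f.read().strip() == "1"

def audit(xml_dir, proc_root="/proc"):
    needed = networks_needing_forwarding(xml_dir)
    enabled = ipv4_forwarding_enabled(proc_root)
    if enabled and not needed:
        verdict = "ip_forward on, but no defined network requires it"
    elif needed and not enabled:
        verdict = "ip_forward off, these networks will not forward"
    else:
        verdict = "consistent"
    return {"enabled": enabled, "needed_by": needed, "verdict": verdict}

def make_fixture(networks, ip_forward):
    """Constructed sample input: fake network XML dir and fake /proc tree."""
    base = tempfile.mkdtemp()
    xml_dir = os.path.join(base, "networks")
    proc = os.path.join(base, "proc")
    os.makedirs(xml_dir)
    os.makedirs(os.path.join(proc, "sys/net/ipv4"))
    for name, body in networks.items():
        with open(os.path.join(xml_dir, name + ".xml"), "w") as f:
            f.write("<network><name>%s</name>%s</network>" % (name, body))
    with open(os.path.join(proc, "sys/net/ipv4/ip_forward"), "w") as f:
        f.write(ip_forward + "\n")
    return xml_dir, proc

if __name__ == "__main__":
    print(audit(*make_fixture({"default": "<forward mode='nat'/>"}, "0")))
```

On a real host, call `audit()` with the directory holding the network definitions (commonly `/etc/libvirt/qemu/networks`) and the default `proc_root`.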