[libvirt] iptables --physdev-out warnings
Eric Blake
eblake at redhat.com
Thu Jan 17 00:48:17 UTC 2013
On 01/16/2013 03:23 AM, Reinier Schoof wrote:
>
> I patched the libvirt source (version 1.0.0) to test whether this works
> or not:
> --- src/nwfilter/nwfilter_ebiptables_driver.c.orig 2013-01-16
> 10:51:43.000000000 +0100
> +++ src/nwfilter/nwfilter_ebiptables_driver.c 2013-01-16
> 10:52:07.000000000 +0100
> @@ -166,7 +166,7 @@
> snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname)
>
> #define PHYSDEV_IN "--physdev-in"
> -#define PHYSDEV_OUT "--physdev-out"
> +#define PHYSDEV_OUT "--physdev-is-bridged --physdev-out"
>
Thanks for the report, and also for a quick patch attempt.
> The warnings in /var/log/messages are gone and running the test again
> proved the 100th VM started in 3.8 seconds. It suprises me I'm the first
> to mention this problem on the libvirt mailing list and I wondering if
> I'm doing something wrong. Until then, this fix helps me a lot!
I took a look on RHEL 5.9, to see if --physdev-is-bridged was supported
in iptables that old (1.3.5). It appears to be listed there, so you are
in luck.
It would be nice if you can convert this to a formal git patch
submission (see http://libvirt.org/hacking.html); but if you are not
comfortable doing that, we can help. I'd like to see if Laine or Stefan
have any comments; but if they don't reject this in another day or two,
I have no problems going ahead and applying it.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130116/62ab0bf8/attachment-0001.sig>
More information about the libvir-list
mailing list