[libvirt] iptables --physdev-out warnings

Stefan Berger stefanb at us.ibm.com
Thu Jan 17 11:33:07 UTC 2013 

Eric Blake <eblake at redhat.com> wrote on 01/16/2013 07:48:17 PM:

> From: Eric Blake <eblake at redhat.com>
> To: Reinier Schoof <reinier at transip.nl>, 
> Cc: libvir-list at redhat.com, Stefan Berger/Watson/IBM at IBMUS
> Date: 01/16/2013 07:49 PM
> Subject: Re: [libvirt] iptables --physdev-out warnings
> 
> On 01/16/2013 03:23 AM, Reinier Schoof wrote:
> > 
> > I patched the libvirt source (version 1.0.0) to test whether this 
works
> > or not:
> > --- src/nwfilter/nwfilter_ebiptables_driver.c.orig      2013-01-16
> > 10:51:43.000000000 +0100
> > +++ src/nwfilter/nwfilter_ebiptables_driver.c   2013-01-16
> > 10:52:07.000000000 +0100
> > @@ -166,7 +166,7 @@
> >      snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], 
ifname)
> > 
> >  #define PHYSDEV_IN  "--physdev-in"
> > -#define PHYSDEV_OUT "--physdev-out"
> > +#define PHYSDEV_OUT "--physdev-is-bridged --physdev-out"
> > 
> 
> Thanks for the report, and also for a quick patch attempt.
> 
> >  The warnings in /var/log/messages are gone and running the test again
> > proved the 100th VM started in 3.8 seconds. It suprises me I'm the 
first
> > to mention this problem on the libvirt mailing list and I wondering if
> > I'm doing something wrong. Until then, this fix helps me a lot!
> 
> I took a look on RHEL 5.9, to see if --physdev-is-bridged was supported
> in iptables that old (1.3.5).  It appears to be listed there, so you are
> in luck.
> 
> It would be nice if you can convert this to a formal git patch
> submission (see http://libvirt.org/hacking.html); but if you are not
> comfortable doing that, we can help.  I'd like to see if Laine or Stefan
> have any comments; but if they don't reject this in another day or two,
> I have no problems going ahead and applying it.

It looks good to me. please go ahead.

Regards,
   Stefan

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130117/eac85074/attachment-0001.htm>

More information about the libvir-list mailing list