[libvirt] [PATCH v3] nwfilter: probe for inverted ctdir

Stefan Berger stefanb at linux.vnet.ibm.com
Tue Mar 26 11:59:47 UTC 2013


On 03/22/2013 04:37 PM, Stefan Berger wrote:
> Linux netfilter at some point inverted the meaning of the '--ctdir reply'
> and newer netfilter implementations now expect '--ctdir original'
> instead and vice-versa.
> We probe for this netfilter change via a UDP message over loopback and 3
> filtering rules applied to INPUT two times, one time with '--ctdir original'
> which should then work on 'fixed' netfilter and one other time with
> '--ctdir reply' which should only work on the 'old' netfilter.
> If neither one of the tests gets the data through, then the loopback device
> is probably not configured correctly. If both tests get the data through
> something must be seriously wrong. In both of these two latter cases
> no '--ctdir' will then be applied to the rules.

Are you going to let 1.0.4 sail without 'something like this'?
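
The probe logic described in the quoted commit message, sketched as an added example (not part of the original mail and not the libvirt patch): one function sends a UDP datagram over loopback and reports whether it arrived, and one maps the two test outcomes to the decision the message lists. The three filtering rules are not shown in this message, so the caller is assumed to install and remove them around each call; all function and enum names are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical names: which '--ctdir' handling the rule generator should use. */
enum ctdir_mode { CTDIR_OMIT, CTDIR_FIXED, CTDIR_OLD };

/* Only '--ctdir original' passes -> 'fixed' netfilter; only '--ctdir reply'
 * passes -> 'old' netfilter; neither or both -> apply no '--ctdir' at all. */
enum ctdir_mode classify_ctdir(int original_passed, int reply_passed)
{
    if (original_passed && !reply_passed)
        return CTDIR_FIXED;
    if (!original_passed && reply_passed)
        return CTDIR_OLD;
    return CTDIR_OMIT;
}

/* Send one UDP datagram to a loopback socket and wait up to timeout_ms (> 0).
 * Returns 1 if it arrived, 0 if it was dropped or timed out, -1 on setup error. */
int udp_loopback_passes(int timeout_ms)
{
    static const char msg[] = "ctdir-probe";
    char buf[sizeof(msg)];
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    int rx = socket(AF_INET, SOCK_DGRAM, 0);
    int tx = socket(AF_INET, SOCK_DGRAM, 0);
    int ok = -1;

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                      /* let the kernel pick a free port */

    if (rx >= 0 && tx >= 0 &&
        bind(rx, (struct sockaddr *)&addr, sizeof(addr)) == 0 &&
        getsockname(rx, (struct sockaddr *)&addr, &len) == 0 &&
        setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) == 0 &&
        sendto(tx, msg, sizeof(msg), 0, (struct sockaddr *)&addr,
               sizeof(addr)) == (ssize_t)sizeof(msg))
        ok = recv(rx, buf, sizeof(buf), 0) == (ssize_t)sizeof(msg) &&
             memcmp(buf, msg, sizeof(msg)) == 0;
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return ok;
}
```

A caller would run `udp_loopback_passes()` once per rule set and pass the two results (treating -1 as "did not pass") to `classify_ctdir()`.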