[libvirt-users] netfilter+libvirt=(smth got broken?)

Laine Stump laine at laine.org
Wed Mar 20 20:41:46 UTC 2013


On 03/20/2013 09:41 AM, Nikolai Zhubr wrote:
> Hello,
> 20.03.2013 16:47, I wrote:
> [...]
>> This all looks to me as if "--ctdir" argument somehow magically changed
>> its meaning to the opposite, but this just cannot be! I'm out of ideas
>> and looking for insights. Any hints appreciated quite a lot.
>
> Some more searching over maillists yielded this (quite astonishing):
>
> net/netfilter/xt_conntrack.c   
> diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
> index 2c0086a..481a86f 100644
> --- a/net/netfilter/xt_conntrack.c
> +++ b/net/netfilter/xt_conntrack.c
> @@ -195,7 +195,7 @@ conntrack_mt(const struct sk_buff *skb, struct
> xt_action_param *par,
>          return info->match_flags & XT_CONNTRACK_STATE;
>      if ((info->match_flags & XT_CONNTRACK_DIRECTION) &&
>          (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) ^
> -        !!(info->invert_flags & XT_CONNTRACK_DIRECTION))
> +        !(info->invert_flags & XT_CONNTRACK_DIRECTION))
>          return false;
>
>      if (info->match_flags & XT_CONNTRACK_ORIGSRC)
>
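Review bot: the only change is `!!(info->invert_flags & XT_CONNTRACK_DIRECTION)` becoming `!(info->invert_flags & XT_CONNTRACK_DIRECTION)`, which negates the right-hand operand of the `^` and therefore flips the result of the direction test for every packet: before the hunk, a packet in IP_CT_DIR_ORIGINAL with the invert bit clear fails the match (`return false`); after it, the same packet passes and an IP_CT_DIR_REPLY packet fails instead. A one-character change to user-visible match semantics needs the rationale in the commit message and an explicit note that rule sets written against the previous behaviour (as the libvirt rules in this thread were) will match the opposite direction once the kernel is upgraded; if the previous behaviour was the bug, say so and name the release that carries the fix so userspace has something to key on. Also, `(CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) ^ !(...)` is only correct because `^` binds tighter than `&&`; wrapping the XOR in its own parentheses would make that intent readable.
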
> So apparently, netfilter's behaviour was indeed reversed at some
> point, therefore libvirt stopped working properly.

To save me the trouble, can you point me at a copy of the patch so I can
read the commit message?

That seems a very bad thing to do :-/

>
> I'd guess libvirt needs to be adapted then? Is it a known issue or
> should I fill in a bug report at Novell/Red Hat?

I suppose it needs to be adapted, but how are we supposed to know which
way to go? Some magic number of kernel version?

Bah. (This is the 2nd issue this week caused by a change in kernel ABI,
so I'm not in a good mood...)
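The direction test from the quoted hunk, before and after the one-character change, as an added example that is not code from the kernel patch or from libvirt: it restates the `!!` versus `!` operand in plain C and enumerates every combination of rule and packet direction so the flip is visible as a table rather than as a precedence puzzle. The numeric value of XT_CONNTRACK_DIRECTION and the encoding of `--ctdir ORIGINAL` / `--ctdir REPLY` as the invert bit being clear or set are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Illustrative bit value for the example; the kernel's definition lives in
 * its xt_conntrack.h header (assumption, not copied from it). */
#define XT_CONNTRACK_DIRECTION 0x1000

enum ct_dir { IP_CT_DIR_ORIGINAL = 0, IP_CT_DIR_REPLY = 1 };

/* The two flag words the match reads from its rule data. */
struct ctdir_rule {
    unsigned int match_flags;
    unsigned int invert_flags;
};

/* Direction test as it stood before the hunk: the match FAILS when the XOR is
 * true. Parentheses make the precedence explicit; the kernel source relies on
 * ^ binding tighter than &&. */
static bool rejects_before(struct ctdir_rule r, enum ct_dir dir)
{
    return (r.match_flags & XT_CONNTRACK_DIRECTION) &&
           ((dir == IP_CT_DIR_ORIGINAL) ^ !!(r.invert_flags & XT_CONNTRACK_DIRECTION));
}

/* Same test after the hunk: !! became !, which negates the second XOR operand. */
static bool rejects_after(struct ctdir_rule r, enum ct_dir dir)
{
    return (r.match_flags & XT_CONNTRACK_DIRECTION) &&
           ((dir == IP_CT_DIR_ORIGINAL) ^ !(r.invert_flags & XT_CONNTRACK_DIRECTION));
}

/* Assumed userspace encoding: "--ctdir ORIGINAL" sets the match bit and clears
 * the invert bit, "--ctdir REPLY" sets both. */
static struct ctdir_rule ctdir_rule(bool reply)
{
    struct ctdir_rule r;
    r.match_flags = XT_CONNTRACK_DIRECTION;
    r.invert_flags = reply ? XT_CONNTRACK_DIRECTION : 0;
    return r;
}

/* Number of (rule, packet direction) combinations on which the two kernel
 * versions disagree; 4 means every combination flips. */
static int count_disagreements(void)
{
    int n = 0;
    for (int reply = 0; reply < 2; reply++)
        for (int d = 0; d < 2; d++) {
            enum ct_dir dir = d ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL;
            if (rejects_before(ctdir_rule(reply), dir) !=
                rejects_after(ctdir_rule(reply), dir))
                n++;
        }
    return n;
}

int main(void)
{
    printf("%-16s %-9s %-14s %-14s\n", "rule", "packet", "before-patch", "after-patch");
    for (int reply = 0; reply < 2; reply++)
        for (int d = 0; d < 2; d++) {
            enum ct_dir dir = d ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL;
            printf("--ctdir %-8s %-9s %-14s %-14s\n",
                   reply ? "REPLY" : "ORIGINAL", d ? "reply" : "original",
                   rejects_before(ctdir_rule(reply), dir) ? "no match" : "match",
                   rejects_after(ctdir_rule(reply), dir) ? "no match" : "match");
        }
    printf("%d of 4 combinations flip\n", count_disagreements());
    return 0;
}
```

Under these assumptions the table shows that before the patch `--ctdir ORIGINAL` matched only reply-direction packets and after it only original-direction packets, which is exactly the symptom the thread describes: a rule set tuned to the older kernel matches the opposite direction after the upgrade. When auditing a host, comparing this table against the observed behaviour of a single known rule tells you which semantics the running kernel implements without relying on a version number.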
