March 2014 - Devel - Libvirt List Archives

[libvirt] [PATCH 0/3] ABI change: change group name of option table to match with option name

by Amos Kong

This patchset changes group names of option tables to match with option name, this breakes ABI, release note was updated. Amos Kong (3): only add qemu_tpmdev_opts when CONFIG_TPM is defined abort QEMU if group name in option table doesn't match with defined option name update names in option tables to match with actual command-line spelling hw/acpi/core.c | 8 ++++---- hw/nvram/fw_cfg.c | 4 ++-- include/qemu/option.h | 2 +- qemu-options.h | 12 ++++++++++++ util/qemu-config.c | 28 ++++++++++++++++++++++++++++ vl.c | 37 +++++++++++++------------------------ 6 files changed, 60 insertions(+), 31 deletions(-) -- 1.8.5.3

11 years, 2 months

2
5
0 / 0

[libvirt] [PATCHv3] Fix Memory Leak in virQEMUCapsInitGuestFromBinary()

by Nehal J Wani

While running qemucaps2xmltest, it was found that valgrind pointed out the following memory leaks: ==29896== 0 bytes in 1 blocks are definitely lost in loss record 1 of 65 ==29896== at 0x4A0577B: calloc (vg_replace_malloc.c:593) ==29896== by 0x4C6B45E: virAllocN (viralloc.c:191) ==29896== by 0x4232A9: virQEMUCapsGetMachineTypesCaps (qemu_capabilities.c:1999) ==29896== by 0x4234E7: virQEMUCapsInitGuestFromBinary (qemu_capabilities.c:789) ==29896== by 0x41F10B: testQemuCapsXML (qemucaps2xmltest.c:118) ==29896== by 0x41FFD1: virtTestRun (testutils.c:201) ==29896== by 0x41EE7A: mymain (qemucaps2xmltest.c:203) ==29896== by 0x42074D: virtTestMain (testutils.c:789) ==29896== by 0x3E6CE1ED1C: (below main) (libc-start.c:226) ==29896== ==29896== 0 bytes in 1 blocks are definitely lost in loss record 2 of 65 ==29896== at 0x4A0577B: calloc (vg_replace_malloc.c:593) ==29896== by 0x4C6B45E: virAllocN (viralloc.c:191) ==29896== by 0x4232A9: virQEMUCapsGetMachineTypesCaps (qemu_capabilities.c:1999) ==29896== by 0x4234E7: virQEMUCapsInitGuestFromBinary (qemu_capabilities.c:789) ==29896== by 0x41F10B: testQemuCapsXML (qemucaps2xmltest.c:118) ==29896== by 0x41FFD1: virtTestRun (testutils.c:201) ==29896== by 0x41EEA3: mymain (qemucaps2xmltest.c:204) ==29896== by 0x42074D: virtTestMain (testutils.c:789) ==29896== by 0x3E6CE1ED1C: (below main) (libc-start.c:226) --- Based on Daniel's comments. v2: https://www.redhat.com/archives/libvir-list/2014-March/msg01672.html v1: https://www.redhat.com/archives/libvir-list/2014-March/msg01667.html src/qemu/qemu_capabilities.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 7673592..e4c1cbd 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -1996,10 +1996,12 @@ int virQEMUCapsGetMachineTypesCaps(virQEMUCapsPtr qemuCaps, *nmachines = 0; *machines = NULL; - if (VIR_ALLOC_N(*machines, qemuCaps->nmachineTypes) < 0) - goto error; *nmachines = qemuCaps->nmachineTypes; + if (*nmachines && + VIR_ALLOC_N(*machines, qemuCaps->nmachineTypes) < 0) + goto error; + for (i = 0; i < qemuCaps->nmachineTypes; i++) { virCapsGuestMachinePtr mach; if (VIR_ALLOC(mach) < 0) -- 1.7.1

11 years, 2 months

2
2
0 / 0

[libvirt] [PATCH] util: fix a typo in virprocess.c

by Hongwei Bi

s/forcably/forcibly Signed-off-by: Hongwei Bi <hwbi2008(a)gmail.com> --- src/util/virprocess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/virprocess.c b/src/util/virprocess.c index 405ad06..9179d73 100644 --- a/src/util/virprocess.c +++ b/src/util/virprocess.c @@ -283,7 +283,7 @@ int virProcessKill(pid_t pid, int sig) * Try to kill the process and verify it has exited * * Returns 0 if it was killed gracefully, 1 if it - * was killed forcably, -1 if it is still alive, + * was killed forcibly, -1 if it is still alive, * or another error occurred. */ int -- 1.7.9.5

11 years, 2 months

2
1
0 / 0

[libvirt] [PATCH] Modify help information of virsh list command

by Li Yang

Use 'virsh list domain --title' option can get domain's title, not description, the original help information 'show short domain description' will confuse users, so modify it to 'show domain title' Signed-off-by: Li Yang <liyang.fnst(a)cn.fujitsu.com> --- tools/virsh-domain-monitor.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tools/virsh-domain-monitor.c b/tools/virsh-domain-monitor.c index de4afbb..5d19388 100644 --- a/tools/virsh-domain-monitor.c +++ b/tools/virsh-domain-monitor.c @@ -1753,7 +1753,7 @@ static const vshCmdOptDef opts_list[] = { }, {.name = "title", .type = VSH_OT_BOOL, - .help = N_("show short domain description") + .help = N_("show domain title") }, {.name = NULL} }; -- 1.7.1

11 years, 2 months

2
1
0 / 0

[libvirt] [PATCH] docs: cgroups: fix typo about LXC cgroups

by Jean-Baptiste Rouault

--- docs/cgroups.html.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/cgroups.html.in b/docs/cgroups.html.in index f7c2450..33de453 100644 --- a/docs/cgroups.html.in +++ b/docs/cgroups.html.in @@ -33,9 +33,9 @@ <p> The LXC driver is capable of using the <code>cpuset</code>, - <code>cpu</code>, <code>cpuset</code>, <code>freezer</code>, + <code>cpu</code>, <code>cpuacct</code>, <code>freezer</code>, <code>memory</code>, <code>blkio</code> and <code>devices</code> - controllers. The <code>cpuset</code>, <code>devices</code> + controllers. The <code>cpuacct</code>, <code>devices</code> and <code>memory</code> controllers are compulsory. Without them mounted, no containers can be started. If any of the other controllers are not mounted, the resource management APIs -- 1.8.5.3

11 years, 2 months

2
1
0 / 0

[libvirt] [PATCH] libvirt-tck: 052-domain-hook.t - reload after hook cleanup

by Mike Latimer

Reload libvirtd after hook testing has completed. Otherwise, libvirtd is still expecting hook test scripts to exist. --- scripts/hooks/052-domain-hook.t | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/hooks/052-domain-hook.t b/scripts/hooks/052-domain-hook.t index 90b8a48..d1070b5 100644 --- a/scripts/hooks/052-domain-hook.t +++ b/scripts/hooks/052-domain-hook.t @@ -180,4 +180,8 @@ SKIP: { Sys::Virt::Error::ERR_NO_DOMAIN); $hook->cleanup(); + + diag "reload libvirtd after hook cleanup"; + $hook->action('reload'); + $hook->service_libvirtd(); }; -- 1.8.4.5

11 years, 2 months

3
3
0 / 0

[libvirt] question for qemu migrate fail by virDomainMigrate API

by Wangrui (K)

Hi everyone， when I use the API virDomainMigrate to do migration operation in KVM environment(libvirt1.1.0 qemu1.5.1), I encountered with some problems. I found that If the connection to source side is disconnected in the BEGIN phase of a migration, the migration job would fail. Further more, the following-up migration of the same VM would not be successful until restart libvirtd. The error log: libvirtd : 8406: error : virQEMUCloseCallbacksSet:781 : internal error Close callback for domain myvm1 already registered with another connection 0x7f023801a900 libvirt: Domain Config error : Requested operation is not valid: domain is already active as 'myvm1' I got the above error by following steps： step 1 : migrate VM. step 2 : disconnect the client connection to source libvirtd at once ,such as ctrl+c. step 3 : the migrate API returns fail. step 4 : migrate this VM again , fails and reports above error. The reason causing this problem may be: In the BEGIN phase of a migraion, it registers a close callback through virQEMUCloseCallbacksSet function. In the normal flow of migration, the registered callback is cleanup in the PERFORM and CONFIRM phase. But if the connection to source side is disconnected before PERFORM phase or between PERFORM phase and CONFIRM phase, the close callback will not be cleanup, and the problem mentioned above occurs. I have test it on libvirt1.2.2, it also happens. I tried, but could not find a good way to solve this problem. Does anyone have any good ideas? Thanks!

11 years, 2 months

1
0
0 / 0

[libvirt] libvirt Wiki account creation request

by Sophoklis Goumas

> ... > > We still welcome contributions from anyone interested in updating > content. Simply send an email to the main libvirt development list > asking for an account and one will be created for you with as little > delay as practical. > > ... Hence, Sophoklis

11 years, 2 months

2
1
0 / 0

[libvirt] [PATCH] Remove illegal values in nwfilter test XML/firewall files

by Daniel P. Berrange

A number of the nwfilter XML files have attribute values which are out of range. Previously the libvirt nwfilter XML parser would silently ignore illegal values, causing them to default to 0. This resulted in creating incorrect iptables rules, which the TCK suite then validated as correct. Current libvirt returns a hard error for illegal XML values. To address this we either change the attribute values to be valid, or delete the bogus rules entirely if they are duplicates of other existing valid rules. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall | 1 - scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall | 6 +++--- scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall | 6 +++--- scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall | 3 --- scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall | 4 +--- scripts/nwfilter/nwfilterxml2fwallout/ip-test.fwall | 4 +--- scripts/nwfilter/nwfilterxml2fwallout/mac-test.fwall | 1 - scripts/nwfilter/nwfilterxml2fwallout/rarp-test.fwall | 1 - scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall | 6 +++--- scripts/nwfilter/nwfilterxml2fwallout/vlan-test.fwall | 1 - scripts/nwfilter/nwfilterxml2xmlin/ah-ipv6-test.xml | 2 +- scripts/nwfilter/nwfilterxml2xmlin/all-ipv6-test.xml | 2 +- scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml | 5 ----- scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml | 2 +- scripts/nwfilter/nwfilterxml2xmlin/esp-ipv6-test.xml | 2 +- scripts/nwfilter/nwfilterxml2xmlin/hex-data-test.xml | 2 +- scripts/nwfilter/nwfilterxml2xmlin/icmp-test.xml | 5 ----- scripts/nwfilter/nwfilterxml2xmlin/icmpv6-test.xml | 4 ++-- scripts/nwfilter/nwfilterxml2xmlin/ip-test.xml | 8 +------- scripts/nwfilter/nwfilterxml2xmlin/ipv6-test.xml | 2 +- scripts/nwfilter/nwfilterxml2xmlin/mac-test.xml | 4 ---- scripts/nwfilter/nwfilterxml2xmlin/rarp-test.xml | 5 ----- scripts/nwfilter/nwfilterxml2xmlin/sctp-ipv6-test.xml | 4 ++-- scripts/nwfilter/nwfilterxml2xmlin/sctp-test.xml | 2 +- scripts/nwfilter/nwfilterxml2xmlin/tcp-ipv6-test.xml | 4 ++-- scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml | 2 +- scripts/nwfilter/nwfilterxml2xmlin/udp-ipv6-test.xml | 6 +++--- scripts/nwfilter/nwfilterxml2xmlin/udp-test.xml | 2 +- scripts/nwfilter/nwfilterxml2xmlin/udplite-ipv6-test.xml | 2 +- scripts/nwfilter/nwfilterxml2xmlin/vlan-test.xml | 7 ------- 30 files changed, 31 insertions(+), 74 deletions(-) diff --git a/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall index 6ff4eb9..34174a0 100644 --- a/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall +++ b/scripts/nwfilter/nwfilterxml2fwallout/arp-test.fwall @@ -3,7 +3,6 @@ -p ARP -s 1:2:3:4:5:6 --arp-op Request --arp-htype 255 --arp-ptype 0xff -j ACCEPT -p ARP -s 1:2:3:4:5:6 --arp-op 11 --arp-htype 256 --arp-ptype 0x100 -j ACCEPT -p ARP -s 1:2:3:4:5:6 --arp-op 65535 --arp-htype 65535 --arp-ptype 0xffff -j ACCEPT --p ARP -s 1:2:3:4:5:6 -j ACCEPT #ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$" -p ARP --arp-gratuitous -j ACCEPT #ebtables -t nat -L PREROUTING | grep vnet0 diff --git a/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall index 6ef30a5..842f3bb 100644 --- a/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall +++ b/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall @@ -31,21 +31,21 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --p #ip6tables -L FI-vnet0 -n Chain FI-vnet0 (1 references) target prot opt source destination -RETURN tcp ::/0 a:b:c::/128 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */ +RETURN tcp ::/0 a:b:c::/128 DSCP match 0x39 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */ RETURN udp ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ RETURN sctp ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* comment with lone ', `, ", `, \, $x, and two spaces */ RETURN ah ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ #ip6tables -L FO-vnet0 -n Chain FO-vnet0 (1 references) target prot opt source destination -ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY/* tcp/ipv6 rule */ +ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x39 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY/* tcp/ipv6 rule */ ACCEPT udp ::/0 ::/0 state NEW,ESTABLISHED ctdir REPLY/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ ACCEPT sctp ::/0 ::/0 state NEW,ESTABLISHED ctdir REPLY/* comment with lone ', `, ", `, \, $x, and two spaces */ ACCEPT ah ::/0 ::/0 state NEW,ESTABLISHED ctdir REPLY/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ #ip6tables -L HI-vnet0 -n Chain HI-vnet0 (1 references) target prot opt source destination -RETURN tcp ::/0 a:b:c::/128 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */ +RETURN tcp ::/0 a:b:c::/128 DSCP match 0x39 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */ RETURN udp ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* `ls`;${COLUMNS};$(ls);"test";&'3 spaces' */ RETURN sctp ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* comment with lone ', `, ", `, \, $x, and two spaces */ RETURN ah ::/0 ::/0 state ESTABLISHED ctdir ORIGINAL/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */ diff --git a/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall index 66b0b71..2ed979e 100644 --- a/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall +++ b/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall @@ -31,15 +31,15 @@ FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --p #ip6tables -L FI-vnet0 -n Chain FI-vnet0 (1 references) target prot opt source destination -RETURN tcp ::/0 a:b:c::/128 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL +RETURN tcp ::/0 a:b:c::/128 DSCP match 0x39 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL #ip6tables -L FO-vnet0 -n Chain FO-vnet0 (1 references) target prot opt source destination -ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY +ACCEPT tcp a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x39 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY #ip6tables -L HI-vnet0 -n Chain HI-vnet0 (1 references) target prot opt source destination -RETURN tcp ::/0 a:b:c::/128 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL +RETURN tcp ::/0 a:b:c::/128 DSCP match 0x39 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " " HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-in -n | grep vnet0 | tr -s " " diff --git a/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall index e5f84e5..afdd95b 100644 --- a/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall +++ b/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall @@ -2,17 +2,14 @@ Chain FI-vnet0 (1 references) target prot opt source destination RETURN icmp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02icmp type 12 code 11 state NEW,ESTABLISHED -RETURN icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL #iptables -L FO-vnet0 -n Chain FO-vnet0 (1 references) target prot opt source destination ACCEPT icmp -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21icmp type 255 code 255 state NEW,ESTABLISHED -ACCEPT icmp -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY #iptables -L HI-vnet0 -n Chain HI-vnet0 (1 references) target prot opt source destination RETURN icmp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02icmp type 12 code 11 state NEW,ESTABLISHED -RETURN icmp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL #iptables -L libvirt-host-in -n | grep vnet0 | tr -s " " HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-in -n | grep vnet0 | tr -s " " diff --git a/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall index ed8eee0..4749f84 100644 --- a/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall +++ b/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall @@ -2,17 +2,15 @@ Chain FI-vnet0 (1 references) target prot opt source destination RETURN icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11 state NEW,ESTABLISHED -RETURN icmpv6 ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL #ip6tables -L FO-vnet0 -n Chain FO-vnet0 (1 references) target prot opt source destination ACCEPT icmpv6 a:b:c::/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21ipv6-icmp type 255 code 255 state NEW,ESTABLISHED -ACCEPT icmpv6 ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY +ACCEPT icmpv6 ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21ipv6-icmp type 255 code 255 state NEW,ESTABLISHED #ip6tables -L HI-vnet0 -n Chain HI-vnet0 (1 references) target prot opt source destination RETURN icmpv6 f:e:d::c:b:a/127 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11 state NEW,ESTABLISHED -RETURN icmpv6 ::/0 ::10.1.2.3/128 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL #ip6tables -L INPUT -n --line-numbers | grep libvirt 1 libvirt-host-in all ::/0 ::/0 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " " diff --git a/scripts/nwfilter/nwfilterxml2fwallout/ip-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/ip-test.fwall index f3cd49b..dbd6497 100644 --- a/scripts/nwfilter/nwfilterxml2fwallout/ip-test.fwall +++ b/scripts/nwfilter/nwfilterxml2fwallout/ip-test.fwall @@ -5,8 +5,6 @@ #ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$" -p IPv4 -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --ip-src 10.1.2.3 --ip-dst 10.1.2.3 --ip-proto udp --ip-sport 20:22 --ip-dport 100:101 -j ACCEPT -p IPv4 --ip-src 10.1.0.0/17 --ip-dst 10.1.2.0/24 --ip-tos 0x3F --ip-proto udp -j ACCEPT --p IPv4 --ip-src 10.1.2.2/31 --ip-dst 10.1.2.3 -j ACCEPT #ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$" --p IPv4 --ip-src 10.1.2.2/31 --ip-dst 10.1.2.0/25 --ip-proto 255 -j ACCEPT --p IPv4 --ip-src 10.1.2.3 --ip-dst 10.1.2.2/31 -j ACCEPT +-p IPv4 --ip-src 10.1.2.2/31 --ip-dst 10.1.2.0/25 --ip-tos 0x3F --ip-proto 255 -j ACCEPT diff --git a/scripts/nwfilter/nwfilterxml2fwallout/mac-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/mac-test.fwall index 2dd7952..bb00629 100644 --- a/scripts/nwfilter/nwfilterxml2fwallout/mac-test.fwall +++ b/scripts/nwfilter/nwfilterxml2fwallout/mac-test.fwall @@ -7,6 +7,5 @@ #ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$" -p IPv4 -d aa:bb:cc:dd:ee:ff -j ACCEPT -p 0x600 -d aa:bb:cc:dd:ee:ff -j ACCEPT --d aa:bb:cc:dd:ee:ff -j ACCEPT -p 0xffff -d aa:bb:cc:dd:ee:ff -j ACCEPT diff --git a/scripts/nwfilter/nwfilterxml2fwallout/rarp-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/rarp-test.fwall index 77d9806..e0d9c8c 100644 --- a/scripts/nwfilter/nwfilterxml2fwallout/rarp-test.fwall +++ b/scripts/nwfilter/nwfilterxml2fwallout/rarp-test.fwall @@ -3,7 +3,6 @@ -p RARP -s 1:2:3:4:5:6 --arp-op Request --arp-htype 255 --arp-ptype 0xff -j ACCEPT -p RARP -s 1:2:3:4:5:6 --arp-op 11 --arp-htype 256 --arp-ptype 0x100 -j ACCEPT -p RARP -s 1:2:3:4:5:6 --arp-op 65535 --arp-htype 65535 --arp-ptype 0xffff -j ACCEPT --p RARP -s 1:2:3:4:5:6 -j ACCEPT #ebtables -t nat -L PREROUTING | grep vnet0 -i vnet0 -j libvirt-I-vnet0 diff --git a/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall index dd7b19c..0a75421 100644 --- a/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall +++ b/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall @@ -2,19 +2,19 @@ Chain FI-vnet0 (1 references) target prot opt source destination RETURN udp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY -RETURN udp ::/0 ::/0 DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL +RETURN udp ::/0 ::a:b:c/128 DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL RETURN udp ::/0 ::10.1.2.3/128 DSCP match 0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL #ip6tables -L FO-vnet0 -n Chain FO-vnet0 (1 references) target prot opt source destination ACCEPT udp a:b:c::d:e:f/128 ::/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL -ACCEPT udp ::/0 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY +ACCEPT udp ::a:b:c/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY ACCEPT udp ::10.1.2.3/128 ::/0 MAC 01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY #ip6tables -L HI-vnet0 -n Chain HI-vnet0 (1 references) target prot opt source destination RETURN udp ::/0 a:b:c::d:e:f/128 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY -RETURN udp ::/0 ::/0 DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL +RETURN udp ::/0 ::a:b:c/128 DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL RETURN udp ::/0 ::10.1.2.3/128 DSCP match 0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL #ip6tables -L INPUT -n --line-numbers | grep libvirt 1 libvirt-host-in all ::/0 ::/0 diff --git a/scripts/nwfilter/nwfilterxml2fwallout/vlan-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/vlan-test.fwall index 603f470..a2fbfd3 100644 --- a/scripts/nwfilter/nwfilterxml2fwallout/vlan-test.fwall +++ b/scripts/nwfilter/nwfilterxml2fwallout/vlan-test.fwall @@ -7,7 +7,6 @@ -p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-id 291 -j CONTINUE -p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-id 1234 -j RETURN -p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff --vlan-id 291 -j DROP --p 802_1Q -s 1:2:3:4:5:6 -d aa:bb:cc:dd:ee:ff -j ACCEPT #ebtables -t nat -L PREROUTING | grep vnet0 -i vnet0 -j libvirt-I-vnet0 #ebtables -t nat -L POSTROUTING | grep vnet0 diff --git a/scripts/nwfilter/nwfilterxml2xmlin/ah-ipv6-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/ah-ipv6-test.xml index 07d1ffe..95ebbc9 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/ah-ipv6-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/ah-ipv6-test.xml @@ -13,7 +13,7 @@ </rule> <rule action='accept' direction='in'> <ah-ipv6 srcmacaddr='1:2:3:4:5:6' - srcipaddr='::10.1.2.3' srcipmask='129' + srcipaddr='::10.1.2.3' srcipmask='128' dscp='33'/> </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/all-ipv6-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/all-ipv6-test.xml index eb39bc3..5cf3519 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/all-ipv6-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/all-ipv6-test.xml @@ -13,7 +13,7 @@ </rule> <rule action='accept' direction='in'> <all-ipv6 srcmacaddr='1:2:3:4:5:6' - srcipaddr='::10.1.2.3' srcipmask='129' + srcipaddr='::10.1.2.3' srcipmask='128' dscp='33'/> </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml index 2e08b32..d0abf94 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/arp-test.xml @@ -26,11 +26,6 @@ opcode='65535' hwtype='65535' protocoltype='65535' /> </rule> - <rule action='accept' direction='out'> - <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' - opcode='65536' hwtype='65536' protocoltype='65536' /> - </rule> - <rule action='accept' direction='in'> <arp gratuitous='true'/> </rule> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml index af5c5cc..a154a17 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/comment-test.xml @@ -50,7 +50,7 @@ <rule action='accept' direction='in'> <tcp-ipv6 srcmacaddr='1:2:3:4:5:6' srcipaddr='a:b:c::' srcipmask='128' - dscp='0x40' + dscp='0x39' srcportstart='0x20' srcportend='0x21' dstportstart='0x100' dstportend='0x1111' comment='tcp/ipv6 rule'/> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/esp-ipv6-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/esp-ipv6-test.xml index 4dd9b98..295d0f9 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/esp-ipv6-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/esp-ipv6-test.xml @@ -13,7 +13,7 @@ </rule> <rule action='accept' direction='in'> <esp-ipv6 srcmacaddr='1:2:3:4:5:6' - srcipaddr='::10.1.2.3' srcipmask='129' + srcipaddr='::10.1.2.3' srcipmask='128' dscp='33'/> </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/hex-data-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/hex-data-test.xml index d2da079..45df451 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/hex-data-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/hex-data-test.xml @@ -48,7 +48,7 @@ <rule action='accept' direction='in'> <tcp-ipv6 srcmacaddr='1:2:3:4:5:6' srcipaddr='a:b:c::' srcipmask='128' - dscp='0x40' + dscp='0x39' srcportstart='0x20' srcportend='0x21' dstportstart='0x100' dstportend='0x1111'/> </rule> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/icmp-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/icmp-test.xml index 90f852b..fff5d42 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/icmp-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/icmp-test.xml @@ -10,9 +10,4 @@ srcipaddr='10.1.2.3' srcipmask='22' dscp='33' type='255' code='255'/> </rule> - <rule action='accept' direction='in'> - <icmp srcmacaddr='1:2:3:4:5:6' - srcipaddr='10.1.2.3' srcipmask='22' - dscp='33' type='256' code='256'/> - </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/icmpv6-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/icmpv6-test.xml index 01dc6e2..9d24826 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/icmpv6-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/icmpv6-test.xml @@ -13,7 +13,7 @@ </rule> <rule action='accept' direction='in'> <icmpv6 srcmacaddr='1:2:3:4:5:6' - srcipaddr='::10.1.2.3' srcipmask='129' - dscp='33' type='256' code='256'/> + srcipaddr='::10.1.2.3' srcipmask='128' + dscp='33' type='255' code='255'/> </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/ip-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/ip-test.xml index 0a744a2..da362a1 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/ip-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/ip-test.xml @@ -21,14 +21,8 @@ <rule action='accept' direction='in'> <ip srcipaddr='10.1.2.3' srcipmask='255.255.255.254' dstipaddr='10.1.2.3' dstipmask='255.255.255.128' - protocol='255' dscp='64' + protocol='255' dscp='63' /> </rule> - <rule action='accept' direction='inout'> - <ip srcipaddr='10.1.2.3' srcipmask='255.255.255.127' - dstipaddr='10.1.2.3' dstipmask='255.255.255.254' - protocol='256' dscp='64' - /> - </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/ipv6-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/ipv6-test.xml index 7fa7181..9f67bea 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/ipv6-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/ipv6-test.xml @@ -28,7 +28,7 @@ dstipmask='ffff:ffff:ffff:ffff:8000::' protocol='6' srcportstart='255' srcportend='256' - dstportstart='65535' dstportend='65536' + dstportstart='65535' dstportend='65535' /> </rule> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/mac-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/mac-test.xml index 8f9565c..2aec935 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/mac-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/mac-test.xml @@ -14,10 +14,6 @@ </rule> <rule action='accept' direction='in'> <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' - protocolid='15'/> - </rule> - <rule action='accept' direction='in'> - <mac dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' protocolid='65535'/> </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/rarp-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/rarp-test.xml index 7b99df0..77c1127 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/rarp-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/rarp-test.xml @@ -25,9 +25,4 @@ <rarp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' opcode='65535' hwtype='65535' protocoltype='65535' /> </rule> - - <rule action='accept' direction='out'> - <rarp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' - opcode='65536' hwtype='65536' protocoltype='65536' /> - </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/sctp-ipv6-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/sctp-ipv6-test.xml index 99bf349..d1a57b8 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/sctp-ipv6-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/sctp-ipv6-test.xml @@ -14,9 +14,9 @@ </rule> <rule action='accept' direction='in'> <sctp-ipv6 srcmacaddr='1:2:3:4:5:6' - srcipaddr='::10.1.2.3' srcipmask='129' + srcipaddr='::10.1.2.3' srcipmask='128' dscp='63' srcportstart='255' srcportend='256' - dstportstart='65535' dstportend='65536'/> + dstportstart='65535' dstportend='65535'/> </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/sctp-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/sctp-test.xml index c2f635b..c3c1000 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/sctp-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/sctp-test.xml @@ -17,6 +17,6 @@ srcipaddr='10.1.2.3' srcipmask='32' dscp='63' srcportstart='255' srcportend='256' - dstportstart='65535' dstportend='65536'/> + dstportstart='65535' dstportend='65535'/> </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/tcp-ipv6-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/tcp-ipv6-test.xml index ecc1d30..d4f24f4 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/tcp-ipv6-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/tcp-ipv6-test.xml @@ -14,9 +14,9 @@ </rule> <rule action='accept' direction='in'> <tcp-ipv6 srcmacaddr='1:2:3:4:5:6' - srcipaddr='::10.1.2.3' srcipmask='129' + srcipaddr='::10.1.2.3' srcipmask='128' dscp='63' srcportstart='255' srcportend='256' - dstportstart='65535' dstportend='65536'/> + dstportstart='65535' dstportend='65535'/> </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml index fc77683..14ebd35 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml @@ -17,7 +17,7 @@ srcipaddr='10.1.2.3' srcipmask='32' dscp='63' srcportstart='255' srcportend='256' - dstportstart='65535' dstportend='65536'/> + dstportstart='65535' dstportend='65535'/> </rule> <rule action='accept' direction='in'> <tcp state='NONE' flags='SYN/ALL'/> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/udp-ipv6-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/udp-ipv6-test.xml index e8c6ba6..fd4f135 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/udp-ipv6-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/udp-ipv6-test.xml @@ -7,16 +7,16 @@ </rule> <rule action='accept' direction='in'> <udp-ipv6 srcmacaddr='1:2:3:4:5:6' - srcipaddr='a:b:c' srcipmask='128' + srcipaddr='::a:b:c' srcipmask='128' dscp='33' srcportstart='20' srcportend='21' dstportstart='100' dstportend='1111'/> </rule> <rule action='accept' direction='in'> <udp-ipv6 srcmacaddr='1:2:3:4:5:6' - srcipaddr='::10.1.2.3' srcipmask='129' + srcipaddr='::10.1.2.3' srcipmask='128' dscp='63' srcportstart='255' srcportend='256' - dstportstart='65535' dstportend='65536'/> + dstportstart='65535' dstportend='65535'/> </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/udp-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/udp-test.xml index 10ce53d..359dfa2 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/udp-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/udp-test.xml @@ -17,6 +17,6 @@ srcipaddr='10.1.2.3' srcipmask='32' dscp='63' srcportstart='255' srcportend='256' - dstportstart='65535' dstportend='65536'/> + dstportstart='65535' dstportend='65535'/> </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/udplite-ipv6-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/udplite-ipv6-test.xml index 0763a7d..5b941a2 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/udplite-ipv6-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/udplite-ipv6-test.xml @@ -13,7 +13,7 @@ </rule> <rule action='accept' direction='in'> <udplite-ipv6 srcmacaddr='1:2:3:4:5:6' - srcipaddr='::10.1.2.3' srcipmask='129' + srcipaddr='::10.1.2.3' srcipmask='128' dscp='33'/> </rule> </filter> diff --git a/scripts/nwfilter/nwfilterxml2xmlin/vlan-test.xml b/scripts/nwfilter/nwfilterxml2xmlin/vlan-test.xml index 65ee04b..a5e7b38 100644 --- a/scripts/nwfilter/nwfilterxml2xmlin/vlan-test.xml +++ b/scripts/nwfilter/nwfilterxml2xmlin/vlan-test.xml @@ -21,13 +21,6 @@ /> </rule> - <rule action='accept' direction='in'> - <vlan srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' - dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' - vlanid='0xffff' - /> - </rule> - <rule action='drop' direction='out'> <vlan srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' -- 1.8.5.3

11 years, 2 months

2
2
0 / 0

[libvirt] [PATCH] Cope with newer ebtables tools in testvm.fwall.dat

by Daniel P. Berrange

Newer ebtables tools turn 0x8035 into RARP, so our test file must expect this. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat b/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat index b540509..1b5f3ce 100644 --- a/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat +++ b/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat @@ -2,20 +2,20 @@ -i vnet0 -j libvirt-I-vnet0 #ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$" -o vnet0 -j libvirt-O-vnet0 -#ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$" +#ebtables -t nat -L libvirt-I-vnet0 | sed s/0x8035/RARP/g | grep -v "^Bridge" | grep -v "^$" -j I-vnet0-mac -p IPv4 -j I-vnet0-ipv4-ip -p IPv4 -j ACCEPT -p ARP -j I-vnet0-arp-mac -p ARP -j I-vnet0-arp-ip -p ARP -j ACCEPT --p 0x8035 -j I-vnet0-rarp +-p RARP -j I-vnet0-rarp -p 0x835 -j ACCEPT -j DROP -#ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$" +#ebtables -t nat -L libvirt-O-vnet0 | sed s/0x8035/RARP/g | grep -v "^Bridge" | grep -v "^$" -p IPv4 -j O-vnet0-ipv4 -p ARP -j ACCEPT --p 0x8035 -j O-vnet0-rarp +-p RARP -j O-vnet0-rarp -j DROP #ebtables -t nat -L I-vnet0-ipv4-ip | grep -v "^Bridge" | grep -v "^$" -p IPv4 --ip-src 0.0.0.0 --ip-proto udp -j RETURN -- 1.8.5.3

11 years, 2 months

2
1
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel March 2014