On 01/16/2013 03:23 AM, Reinier Schoof wrote:
I patched the libvirt source (version 1.0.0) to test whether this works
or not:
--- src/nwfilter/nwfilter_ebiptables_driver.c.orig 2013-01-16
10:51:43.000000000 +0100
+++ src/nwfilter/nwfilter_ebiptables_driver.c 2013-01-16
10:52:07.000000000 +0100
@@ -166,7 +166,7 @@
snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname)
#define PHYSDEV_IN "--physdev-in"
-#define PHYSDEV_OUT "--physdev-out"
+#define PHYSDEV_OUT "--physdev-is-bridged --physdev-out"
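Review bot: PHYSDEV_OUT now expands to two options inside one string literal, so at the changed #define any caller that passes the macro as a single argument, or places a negation directly in front of it, would no longer mean what it did before. Check each use of PHYSDEV_OUT, or keep the macro as "--physdev-out" and add "--physdev-is-bridged" at the place where the rule is assembled. A short comment above the define saying why the match is limited to bridged traffic (the warnings in /var/log/messages described in this thread) would also help later readers.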
Thanks for the report, and also for a quick patch attempt.
The warnings in /var/log/messages are gone and running the test again
proved the 100th VM started in 3.8 seconds. It surprises me I'm the first
to mention this problem on the libvirt mailing list and I'm wondering if
I'm doing something wrong. Until then, this fix helps me a lot!
I took a look on RHEL 5.9, to see if --physdev-is-bridged was supported
in iptables that old (1.3.5). It appears to be listed there, so you are
in luck.
It would be nice if you can convert this to a formal git patch
submission (see http://libvirt.org/hacking.html); but if you are not
comfortable doing that, we can help. I'd like to see if Laine or Stefan
have any comments; but if they don't reject this in another day or two,
I have no problems going ahead and applying it.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org