On 01/16/2013 03:23 AM, Reinier Schoof wrote:
I patched the libvirt source (version 1.0.0) to test whether this works or not: --- src/nwfilter/nwfilter_ebiptables_driver.c.orig 2013-01-16 10:51:43.000000000 +0100 +++ src/nwfilter/nwfilter_ebiptables_driver.c 2013-01-16 10:52:07.000000000 +0100 @@ -166,7 +166,7 @@ snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname)
#define PHYSDEV_IN "--physdev-in" -#define PHYSDEV_OUT "--physdev-out" +#define PHYSDEV_OUT "--physdev-is-bridged --physdev-out"
Thanks for the report, and also for a quick patch attempt.
The warnings in /var/log/messages are gone and running the test again proved the 100th VM started in 3.8 seconds. It suprises me I'm the first to mention this problem on the libvirt mailing list and I wondering if I'm doing something wrong. Until then, this fix helps me a lot!
I took a look on RHEL 5.9, to see if --physdev-is-bridged was supported in iptables that old (1.3.5). It appears to be listed there, so you are in luck. It would be nice if you can convert this to a formal git patch submission (see http://libvirt.org/hacking.html); but if you are not comfortable doing that, we can help. I'd like to see if Laine or Stefan have any comments; but if they don't reject this in another day or two, I have no problems going ahead and applying it. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org