On 10/15/2012 12:04 PM, Cole Robinson wrote:
On 10/15/2012 10:54 AM, Michal Privoznik wrote:
> On 15.10.2012 12:26, Benjamin Cama wrote:
>>
>> static int
>> networkSetIPv6Sysctls(virNetworkObjPtr network)
>> @@ -2140,11 +2172,9 @@ networkStartNetworkVirtual(struct network_driver *driver,
>> if (virNetDevSetOnline(network->def->bridge, 1) < 0)
>> goto err2;
>>
>> - /* If forwardType != NONE, turn on global IP forwarding */
>> + /* If forwardType != NONE, check for IP forwarding */
>> if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE &&
>> - networkEnableIpForwarding(v4present, v6present) < 0) {
>> - virReportSystemError(errno, "%s",
>> - _("failed to enable IP forwarding"));
>> + networkCheckIpForwarding(v4present, v6present) < 0) {
>> goto err3;
>> }
>>
>>
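Review bot: the `goto err3` branch no longer reports an error at this call site, because the `virReportSystemError(errno, ...)` call is removed along with `networkEnableIpForwarding`. `networkCheckIpForwarding(v4present, v6present)` therefore has to raise its own error on every path that returns < 0, ideally saying whether IPv4 or IPv6 forwarding is the one that is missing; otherwise network start aborts with no message. The comment change from "turn on global IP forwarding" to "check for IP forwarding" also means that a network with forwardType != NONE now aborts startup where the old code tried to enable forwarding, so the new requirement on the host should be stated in the commit message and the user documentation.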
> Well, I am not sure if we can do this. What would happen if some of our
> users rely on this already? I mean, it's been there for ages.
>
> Michal

Indeed this kinda defeats the purpose of the default virtual network that
should 'just work' out of the box. Maybe we could add some libvirtd.conf
option to enable this check-if-set behavior, but we can't change the default here.

We've had this discussion before:
http://www.redhat.com/archives/libvir-list/2010-October/msg00030.html
and in particular this response:
http://www.redhat.com/archives/libvir-list/2010-October/msg00183.html

In the end, the presence of a network with a forward mode that requires
L3 packet forwarding indicates tacit approval for ip_forward to be
turned on. The problem in the past has been that the default network
(which has <forward mode='nat'>) was a part of *all* libvirt installs.
That is now separated into its own sub-package, though.

So, the "config option" is to simply not install the default network (or
to remove it if it's there).