Re: [libvirt-users] netfilter+libvirt=(smth got broken?)
21.03.2013 0:41, Laine Stump wrote:
[...]
> - !!(info->invert_flags& XT_CONNTRACK_DIRECTION))
> + !(info->invert_flags& XT_CONNTRACK_DIRECTION))
> return false;
>
> if (info->match_flags& XT_CONNTRACK_ORIGSRC)
>
> So apparently, netfilter's behaviour was indeed reversed at some
> point, therefore libvirt stopped working properly.
To save me the trouble, can you point me at a copy of the patch so I can
read the commit message?
Maybe this
http://comments.gmane.org/gmane.comp.security.firewalls.netfilter.devel/3...
and this
http://git.opencores.org/?a=commit&p=linux&h=96120d86fe302c006259...
will be of some use.
That seems a very bad thing to do :-/
>
> I'd guess libvirt needs to be adapted then? Is it a known issue or
> should I fill in bugreport at Novell/Red Hat?
I suppose it needs to be adapted, but how are we supposed to know which
way to go? Some magic number of kernel version?
Yeah, makes me wonder.
Anyway, I've filed a bugreport at Novell (with a trivial patch proposed,
although not taking into account possible "older" kernels hanging around
with "historical" behaviour)
https://bugzilla.novell.com/show_bug.cgi?id=810611
Nikolai
Bah. (This is the 2nd issue this week caused by a change in kernel ABI,
so I'm not in a good mood...)
_______________________________________________
libvirt-users mailing list
libvirt-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users