[Bug 569581] New: Xen scripts use "physdev-out"; reported in logs as "not supported anymore"
http://bugzilla.novell.com/show_bug.cgi?id=569581

http://bugzilla.novell.com/show_bug.cgi?id=569581#c0

Summary: Xen scripts use "physdev-out"; reported in logs as "not supported anymore"
Classification: openSUSE
Product: openSUSE 11.2
Version: Final
Platform: All
OS/Version: openSUSE 11.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Xen
AssignedTo: jdouglas@novell.com
ReportedBy: 0.bugs.only.0@gmail.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.0) Gecko/20100105 SUSE/3.6rc1-1.2 Firefox/3.6

uname -a
Linux server 2.6.31.8-0.1-xen #1 SMP 2009-12-15 23:55:40 +0100 x86_64 x86_64 x86_64 GNU/Linux

dmesg | grep physdev
[ 61.219423] physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
... (14 repetitions) ...
[ 63.467926] physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.

caused by code in xen-tools' /etc/xen/scripts/vif-common.sh,

cd /etc/xen/scripts
grep physdev-out *
vif-common.sh: --physdev-out "$vif" -j ACCEPT 2>/dev/null

is addressed in this message,

http://old.nabble.com/3.4.x-networking-td25420782.html#a25426701

commenting out the handle_iptables() stanza in vif-common.sh seems to break access to DomUs via "xm console"

I didn't dig deeper -- likely breaks bridging.

In any case, on a xen Dom0 install, with no firewall configured, that message is confusing/misleading -- suggesting that there's a problem.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=569581#c
Charles Arnold
http://bugzilla.novell.com/show_bug.cgi?id=569581#c1
James Fehlig
http://bugzilla.novell.com/show_bug.cgi?id=569581#c2

--- Comment #2 from mail ignored <0.bugs.only.0@gmail.com> 2010-01-20 03:37:27 UTC ---
(In reply to comment #1)
> So I plan to patch vif-bridge in SuSE distros to remove handle_iptable call. Can you try this and report back? Thanks.

well that's simple enough.

@ Dom0, in /etc/xen/scripts/vif-bridge, @94,

--- handle_iptable
+++ #handle_iptable

then, reboot

dmesg | grep physdev

clearly removes the 'noise'.

and, given the comments from the sysconfig maintainer, it seems that it is, indeed, a no longer required artifact.

with this change, i've booted Dom0, as well as a bunch of multiply-bridged DomUs, and everything _seems_ OK.

i'll report back if anything changes.

thanks.
http://bugzilla.novell.com/show_bug.cgi?id=569581#c3
James Fehlig
> with this change, i've booted Dom0, as well as a bunch of multiply-bridged DomUs, and everything _seems_ OK.

Good to hear - and thanks for testing!

> i'll report back if anything changes.

Please do.
http://bugzilla.novell.com/show_bug.cgi?id=569581#c4

--- Comment #4 from mail ignored <0.bugs.only.0@gmail.com> 2010-01-20 05:50:48 UTC ---
worth mentioning ... i do NOT use SuseFirewall on this box; it's disabled. for firewall in general i use shorewall.

that said, it'd be useful to know what "all required rules needed to make bridged setup working" for use with other firewalls -- *especially* if some setup is lost by removing the handle_iptables call.

are those rule requirements documented?
http://bugzilla.novell.com/show_bug.cgi?id=569581#c5
--- Comment #5 from James Fehlig
http://bugzilla.novell.com/show_bug.cgi?id=569581#c6
James Fehlig