From: Nikolai Zhubr <n-a-zhubr-o+MxOtu4lMCHXe+LvDLADg@public.gmane.org>
To: Laine Stump <laine-k/Ak44NBdeXYtjvyW6yDsg@public.gmane.org>
Cc: libvirt-users-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
netfilter-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: netfilter+libvirt=(smth got broken?)
Date: Thu, 21 Mar 2013 03:01:37 +0400 [thread overview]
Message-ID: <514A3FD1.80702@yandex.ru> (raw)
In-Reply-To: <514A1F0A.4090402-k/Ak44NBdeXYtjvyW6yDsg@public.gmane.org>
21.03.2013 0:41, Laine Stump wrote:
[...]
>> - !!(info->invert_flags& XT_CONNTRACK_DIRECTION))
>> + !(info->invert_flags& XT_CONNTRACK_DIRECTION))
>> return false;
>>
>> if (info->match_flags& XT_CONNTRACK_ORIGSRC)
>>
>> So apparently, netfilter's behaviour was indeed reversed at some
>> point, therefore libvirt stopped working properly.
>
> To save me the trouble, can you point me at a copy of the patch so I can
> read the commit message?
Maybe this
http://comments.gmane.org/gmane.comp.security.firewalls.netfilter.devel/38602
and this
http://git.opencores.org/?a=commit&p=linux&h=96120d86fe302c006259baee9061eea9e1b9e486
will be of some use.
>
> That seems a very bad thing to do :-/
>
>>
>> I'd guess libvirt needs to be adapted then? Is it a known issue or
>> should I fill in bugreport at Novell/Red Hat?
>
> I suppose it needs to be adapted, but how are we supposed to know which
> way to go? Some magic number of kernel version?
Yeah, makes me wonder.
Anyway, I've filed a bugreport at Novell (with a trivial patch proposed,
although not taking into account possible "older" kernels hanging around
with "historical" behaviour)
https://bugzilla.novell.com/show_bug.cgi?id=810611
Nikolai
>
> Bah. (This is the 2nd issue this week caused by a change in kernel ABI,
> so I'm not in a good mood...)
>
> _______________________________________________
> libvirt-users mailing list
> libvirt-users-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
> https://www.redhat.com/mailman/listinfo/libvirt-users
>
>
next prev parent reply other threads:[~2013-03-20 23:01 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-20 12:47 netfilter+libvirt=(smth got broken?) Nikolai Zhubr
2013-03-20 13:06 ` Nikolai Zhubr
2013-03-20 13:41 ` Nikolai Zhubr
[not found] ` <514A1F0A.4090402@laine.org>
[not found] ` <514A1F0A.4090402-k/Ak44NBdeXYtjvyW6yDsg@public.gmane.org>
2013-03-20 23:01 ` Nikolai Zhubr [this message]
2013-03-21 2:30 ` Pablo Neira Ayuso
2013-03-21 3:18 ` [libvirt-users] " Eric Blake
2013-03-21 9:55 ` Pablo Neira Ayuso
2013-03-22 10:53 ` Pablo Neira Ayuso
2013-03-22 18:10 ` Laine Stump
2013-03-26 14:18 ` Pablo Neira Ayuso
2013-03-27 18:22 ` Laine Stump
2013-03-21 10:32 ` Nikolai Zhubr
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=514A3FD1.80702@yandex.ru \
--to=n-a-zhubr-o+mxotu4lmchxe+lvdladg@public.gmane.org \
--cc=laine-k/Ak44NBdeXYtjvyW6yDsg@public.gmane.org \
--cc=libvirt-users-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=netfilter-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox