[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-API] XCP: ip restriction is completely broken for xenbr1, xenbr2, etc.


  • To: George Shuklin <george.shuklin@xxxxxxxxx>
  • From: Rob Hoes <Rob.Hoes@xxxxxxxxxx>
  • Date: Thu, 3 Jan 2013 12:29:06 +0000
  • Accept-language: en-US
  • Acceptlanguage: en-US
  • Cc: "xen-api@xxxxxxxxxxxxx" <xen-api@xxxxxxxxxxxxx>
  • Delivery-date: Thu, 03 Jan 2013 12:29:32 +0000
  • List-id: User and development list for XCP and XAPI <xen-api.lists.xen.org>
  • Thread-index: Ac3prewe8hg0XVFNRTCKYxUYIaVRKg==
  • Thread-topic: [Xen-API] XCP: ip restriction is completely broken for xenbr1, xenbr2, etc.

Hi George,

You are certainly right about this – this is quite bad.
I saw your pull request on github and will try it out.

Thanks for reporting this and submitting a fix as well!

Cheers,
Rob

On 18 Dec 2012, at 14:24, George Shuklin <george.shuklin@xxxxxxxxx> wrote:

> I found some kind of horrible bug in XCP 1.6.
> 
> After looking to src on github (master branch) I found it still there.
> 
> Way to reproduce:
> 
> create vif with device=15 (or any other >0).
> set up locking-mode=locked
> set up some ipv4-allowed.
> 
> xe vif-plug ....
> 
> expected result: rules for OVS applied to xenbr, corresponding to vif 
> network's bridge.
> 
> actual result: device number (15) is is used as bridge number (xenbr15!).
> 
> I done some source code review:
> Dec 18 18:17:54 rvc2-xh43 python: 
> /opt/xensource/libexec/setup-vif-rules[8505] - Called with vif_type=vif, 
> domid=1, devid=15, network_mode=openvswitch, action=filter
> 
> devid=15 <- WRONG
> 
> It use vif id from xenstore instead of proper 'bridge' field from 
> network object.
> 
> 
> 
> 
> _______________________________________________
> Xen-api mailing list
> Xen-api@xxxxxxxxxxxxx
> http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api


_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.