[Xen-changelog] [xen-unstable] tools/hotplug/Linux: Avoid dependency on iptables conntrack module.
# HG changeset patch # User Keir Fraser <keir@xxxxxxx> # Date 1292602357 0 # Node ID ff1b80ccecd9ed049cc694ab117100e83eab179f # Parent e3fd86244491a8129cbd2b8e889f440232da6202 tools/hotplug/Linux: Avoid dependency on iptables conntrack module. Checking for RELATED,ESTABLISHED traffic being sent to a domU requires connection tracking, which adds unexpected (to most users) load to dom0. Heavily loaded systems can fill the conntrack tables. So avoid this, be more liberal in what we accept, and leave it to domU to police its own input. Signed-off-by: Keir Fraser <keir@xxxxxxx> --- tools/hotplug/Linux/vif-common.sh | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff -r e3fd86244491 -r ff1b80ccecd9 tools/hotplug/Linux/vif-common.sh --- a/tools/hotplug/Linux/vif-common.sh Fri Dec 17 14:16:41 2010 +0000 +++ b/tools/hotplug/Linux/vif-common.sh Fri Dec 17 16:12:37 2010 +0000 @@ -105,10 +105,10 @@ frob_iptable() local c="-D" fi - iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-in "$vif" "$@" -j ACCEPT \ - 2>/dev/null && - iptables "$c" FORWARD -m state --state RELATED,ESTABLISHED -m physdev \ - --physdev-is-bridged --physdev-out "$vif" -j ACCEPT 2>/dev/null + iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-in "$vif" \ + "$@" -j ACCEPT 2>/dev/null && + iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-out "$vif" \ + -j ACCEPT 2>/dev/null if [ "$command" == "online" -a $? -ne 0 ] then _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
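Review bot: The new --physdev-out "$vif" rule in frob_iptable() accepts every bridged packet forwarded to the guest, with neither the removed state match nor the "$@" arguments that constrain the --physdev-in rule, and nothing in vif-common.sh records that change in policy. Suggest a comment above the two iptables calls stating that dom0 no longer filters traffic toward the vif and that the domU is expected to police its own input, as the commit message says, so that administrators who relied on the RELATED,ESTABLISHED rule know to add their own FORWARD policy. Both calls also still send stderr to /dev/null, so when the $? check that follows fires for "online" the reason for the failure is lost; consider keeping the error output for the log.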