[root@ananta ~]# ebtables -N new
[root@ananta ~]# dmesg | tail
xenbr1: port 3(vif7.0) entering forwarding state
xenbr1: port 3(vif7.0) entering disabled state
device vif7.0 left promiscuous mode
xenbr1: port 3(vif7.0) entering disabled state
device vif8.0 entered promiscuous mode
ADDRCONF(NETDEV_UP): vif8.0: link is not ready
blkback: ring-ref 8, event-channel 6, protocol 1 (x86_32-abi)
ADDRCONF(NETDEV_CHANGE): vif8.0: link becomes ready
xenbr1: topology change detected, propagating
xenbr1: port 3(vif8.0) entering forwarding state
The vif messages are from the domU startup and stops i have been doing (i reverted back the ebtables patch in vif-bridge so i can atleast configure few of the domU's until this ebtables problem is resolved).
P.S. : As you see i have the centosplus kernel installed, maybe the problem is fixed in that ?
On Thu, Apr 16, 2009 at 2:46 AM, David
<admin@xxxxxxxxxxx> wrote:
[root@monaghan ~]# ebtables -N new
The kernel doesn't support a certain ebtables extension, consider recompiling your kernel or insmod the extension.
[root@monaghan ~]# dmesg | tail
kernel msg: ebtables bug: please report to author: entries_size too small
these are the symtoms i have on 5.2On Wed, Apr 15, 2009 at 8:23 PM, Anand Gupta
<xen.mails@xxxxxxxxx> wrote:
Hi David,
Thanks for the quick reply.
I took the rpm from Would you recommend to compile it ?
Here is the dmesg output when i try to start a domU.
device vif1.0 entered promiscuous mode
ADDRCONF(NETDEV_UP): vif1.0: link is not ready
Ebtables v2.0 registered
xenbr1: port 3(vif1.0) entering disabled state
device vif1.0 left promiscuous mode
xenbr1: port 3(vif1.0) entering disabled state
Does this make any sense ?
Thanks for the help.
On Thu, Apr 16, 2009 at 12:33 AM, David
<admin@xxxxxxxxxxx> wrote:
i think ebtables on centos is broken(5.2 anyway), look out for messages in dmesg
On Wed, Apr 15, 2009 at 7:57 PM, Anand Gupta
<xen.mails@xxxxxxxxx> wrote:
Made the changes by hand on vif-bridge, changed xend-config to use the new vif-bridge-custom script, and bang :( The domU won't start now.
Error: Device 0 (vif) could not be connected. /etc/xen/scripts/vif-bridge-custom failed; error detected.
Here is the diff
diff -u vif-bridge vif-bridge-custom
--- vif-bridge 2009-04-14 23:35:08.000000000 -0400
+++ vif-bridge-custom 2009-04-15 00:01:08.000000000 -0400
@@ -57,15 +57,37 @@
online)
setup_bridge_port "$vif"
add_to_bridge "$bridge" "$vif"
+ ebtables -N $vif
+ ebtables -P $vif DROP
+ ebtables -A INPUT -i $vif -j $vif
+ ebtables -A FORWARD -i $vif -j $vif
+ ebtables -A $vif -p ARP –arp-opcode 1 -j ACCEPT
+
+ if [ ! -z "$ip" ]
+ then
+ for oneip in $ip
+ do
+ ebtables -A $vif -p IPv4 –ip-src $oneip -j ACCEPT
+ ebtables -A $vif -p IPv4 –ip-dst $oneip -j ACCEPT
+ ebtables -A $vif -p ARP –arp-opcode 2 –arp-ip-src $oneip -j ACCEPT
+ done
+
+ ebtables -A $vif --log-prefix="arp-drop" --log-arp -j DROP
+
+ fi
;;
offline)
do_without_error brctl delif "$bridge" "$vif"
do_without_error ifconfig "$vif" down
+ do_without_error ebtables -D INPUT -i $vif -j $vif
+ do_without_error ebtables -D FORWARD -i $vif -j $vif
+ do_without_error ebtables -F $vif
+ do_without_error ebtables -X $vif
;;
esac
-handle_iptable
+#handle_iptable
log debug "Successful vif-bridge $command for $vif, bridge $bridge."
if [ "$command" == "online" ]
Will appreciate any help on this.
On Wed, Apr 15, 2009 at 11:27 PM, Anand Gupta
<xen.mails@xxxxxxxxx> wrote:
Tried to apply this patch. Fresh install centos5.3, xen 3.0.3-80
I get this error.
missing header for unified diff at line 3 of patch
patching file vif-bridge
patch: **** malformed patch at line 4: online)
Any ideas on how to fix this ?
--
regards,
Anand Gupta
--
regards,
Anand Gupta
