On 01/16/2013 03:23 AM, Reinier Schoof wrote: > > I patched the libvirt source (version 1.0.0) to test whether this works > or not: > --- src/nwfilter/nwfilter_ebiptables_driver.c.orig 2013-01-16 > 10:51:43.000000000 +0100 > +++ src/nwfilter/nwfilter_ebiptables_driver.c 2013-01-16 > 10:52:07.000000000 +0100 > @@ -166,7 +166,7 @@ > snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname) > > #define PHYSDEV_IN "--physdev-in" > -#define PHYSDEV_OUT "--physdev-out" > +#define PHYSDEV_OUT "--physdev-is-bridged --physdev-out" > Thanks for the report, and also for a quick patch attempt. > The warnings in /var/log/messages are gone and running the test again > proved the 100th VM started in 3.8 seconds. It suprises me I'm the first > to mention this problem on the libvirt mailing list and I wondering if > I'm doing something wrong. Until then, this fix helps me a lot! I took a look on RHEL 5.9, to see if --physdev-is-bridged was supported in iptables that old (1.3.5). It appears to be listed there, so you are in luck. It would be nice if you can convert this to a formal git patch submission (see http://libvirt.org/hacking.html); but if you are not comfortable doing that, we can help. I'd like to see if Laine or Stefan have any comments; but if they don't reject this in another day or two, I have no problems going ahead and applying it. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list