This is something I raised on the upstream xen-devel mailing list. I have not yet received any response, so I though I'd try to ask here:
I am using Xen with the included network-route and vif-route scripts. My system runs Fedora 14 with Michael Young's Dom0 kernel.
When xend starts and network-route executes, I see the following error:
/etc/xen/scripts/network-route: line 28: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory
It seems that the problem is that the vifnum shell variable is not set.
Later, when I start an unprivileged domain, I see:
physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
Are these messages expected?
I have submitted a report to the Red Hat Bugzilla system:
https://bugzilla.redhat.com/show_bug.cgi?id=669747
The report includes two patches that fix this issue for me.
On Mon, 17 Jan 2011, W. Michael Petullo wrote:
This is something I raised on the upstream xen-devel mailing list. I have not yet received any response, so I though I'd try to ask here:
I am using Xen with the included network-route and vif-route scripts. My system runs Fedora 14 with Michael Young's Dom0 kernel.
When xend starts and network-route executes, I see the following error:
/etc/xen/scripts/network-route: line 28: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory
It seems that the problem is that the vifnum shell variable is not set.
I did see your bug, and looked at this bit. As far as I can tell this is the only occurrence of vifnum anywhere in the xen code, so I am guessing it is a legacy setting and can be replaced by the default eth0 which is everywhere else and is what is documented in xend-config.sxp.
Michael Young
This is something I raised on the upstream xen-devel mailing list. I have not yet received any response, so I though I'd try to ask here:
I am using Xen with the included network-route and vif-route scripts. My system runs Fedora 14 with Michael Young's Dom0 kernel.
When xend starts and network-route executes, I see the following error:
/etc/xen/scripts/network-route: line 28: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory
It seems that the problem is that the vifnum shell variable is not set.
I did see your bug, and looked at this bit. As far as I can tell this is the only occurrence of vifnum anywhere in the xen code, so I am guessing it is a legacy setting and can be replaced by the default eth0 which is everywhere else and is what is documented in xend-config.sxp.
Another thing that would be nice would be a hook to allow for custom firewall rules. One of our VMs has a special relationship with a port on Dom0. I'd like to be able to add a firewall rule that allows input packets from vifX.0 to Dom0 on this port. I have not proposed anything upstream yet; I am trying to fix the two bugs first.
On 01/17/2011 08:09 PM, W. Michael Petullo wrote:
One of our VMs has a special relationship with a port on Dom0. I'd like to be able to add a firewall rule that allows input packets from vifX.0 to Dom0 on this port.
I could use this too, where I have a DomU providing iSCSI services to other DomU's using phy: disks. Right now starting up the dependent DomU's is a manual intervention - I need to write a simple chat from DomU to Dom0 to tell it to proceed. In my case I can do it by IP address, but for scaling out, the dynamic method would be swell.
I seem to recall several heated (sic) discussions on bugzilla and fedora-devel over various approaches to automated ad-hoc firewall rules. The Xen scripts can probably handle this now but it might be nice to eventually integrate if a proper Fedora solution is constructed.
-Bill