[libvirt] [PATCH] BZ 657918 Default iptables setup in libvirt breaks mDNS
Laine Stump
laine at laine.org
Wed Dec 12 20:19:38 UTC 2012
On 12/11/2012 07:05 PM, Brian J. Murrell wrote:
> On 12-12-11 06:24 PM, Eric Blake wrote:
>> Thanks!
> NP. Had it just lying around here anyway. :-)
>
>> Comment should now mention 4 rules.
> Doh! Missed that in the patch port. Updated in my local copy (which I
> will of course resend once all of the initial review is done).
The one thing I would ask beyond Eric's suggestions is that you use git
send-email to produce the patches - the patch you've sent doesn't apply
with git am, which would make it a pain to properly attribute to you.
If you're unfamiliar with using git, here's what you would do:
1) git clone git://libvirt.org/libvirt.git
2) cd libvirt
3) edit the files.
4) make check && make syntax-check (and fix any problems they find)
4) git add $list-of-files
5) git commit
(give a nice descriptive log message with subject of
"network: support mDNS on NAT networks")
6) git send-email -1
(tell it to send to libvir-list at redhat.com)
I can then directly apply the patch with git am.
>
>>> + /* exempt multicast traffic */
>>> + if (iptablesAddForwardMasqueradeExempt(driver->iptables) < 0) {
>>> + virReportError(VIR_ERR_SYSTEM_ERROR,
>>> + _("failed to add iptables rule to exempt multicast traffic from masquerading"));
>> Indentation is a bit off,
> OK. Fixed (again, locally).
>
>> and you need a "%s" argument to keep the
>> syntax-checker happy about a message with no other % operand.
> Hrm. There is no argument to substitute into a %s though. There appear
> to be lots of other "virReportError()" calls with no %s in them if
> there is no argument such as:
>
> virReportError(VIR_ERR_SYSTEM_ERROR,
> forwardIf ?
> _("failed to add iptables rule to enable masquerading to %s") :
> _("failed to add iptables rule to enable masquerading"),
> forwardIf);
>
> Notice if forwardIf is NULL, it will use the:
>
> _("failed to add iptables rule to enable masquerading"),
>
> branch. Of course I could be missing something.
I'm surprised that doesn't generate a compile error, other cases of _()
with no %whatever will. It must be the ?: that's messing up the
compiler's checking. At any rate, that should be fixed (separate from
your patch though, of course)
>> Do we need an IPv6 counterpart? (Or am I just showing my ignorance of
>> what IPv6 does as a counterpart to IPv4 multicast?)
> Hrm. I wouldn't think so. NAT (which is what masquerading is)
> isn't supposed to exist in IPv6. Billions of addresses and all that.
> :-) Unless my understanding is incorrect that is.
>
Well, there is now at least a proposal for some sort of IPv6 NAT, but
libvirt networks only do routed IPv6 networks, so it shouldn't be necessary.
More information about the libvir-list
mailing list