projects / packages / xen.git / blame
| Commit | Line | Data |
|---|---|---|
| 32d7e160 JB |
1 | --- xen-4.5.1/tools/hotplug/Linux/vif-bridge.orig 2015-10-01 17:51:47.613981230 +0200 |
| 2 | +++ xen-4.5.1/tools/hotplug/Linux/vif-bridge 2015-10-01 17:51:51.330647734 +0200 | |
| 3 | @@ -93,8 +93,6 @@ | |
| 94ddf9c9 JR |
4 | ;; |
| 5 | esac | |
| 6 | ||
| 32d7e160 | 7 | -handle_iptable |
| 94ddf9c9 | 8 | - |
| bf4f47e8 JK |
9 | call_hooks vif post |
| 10 | ||
| 94ddf9c9 | 11 | log debug "Successful vif-bridge $command for $dev, bridge $bridge." |
| bf4f47e8 JK |
12 | diff -dur -x '*.orig' -x '*.rej' -x '*~' xen-4.2.0.orig/tools/hotplug/Linux/xen-network-common.sh xen-4.2.0/tools/hotplug/Linux/xen-network-common.sh |
| 13 | --- xen-4.2.0.orig/tools/hotplug/Linux/xen-network-common.sh 2012-09-17 12:21:18.000000000 +0200 | |
| 14 | +++ xen-4.2.0/tools/hotplug/Linux/xen-network-common.sh 2012-10-22 13:05:02.000000000 +0200 | |
| 15 | @@ -115,6 +115,13 @@ | |
| 94ddf9c9 JR |
16 | brctl addbr ${bridge} |
| 17 | brctl stp ${bridge} off | |
| 18 | brctl setfd ${bridge} 0 | |
| 19 | + # Setting these to zero stops guest<->LAN traffic | |
| 20 | + # traversing the bridge from hitting the *tables | |
| 21 | + # rulesets. guest<->host traffic still gets processed | |
| 22 | + # by the host's iptables rules so this isn't a hole | |
| 23 | + sysctl -q -w "net.bridge.bridge-nf-call-arptables=0" | |
| 24 | + sysctl -q -w "net.bridge.bridge-nf-call-ip6tables=0" | |
| 25 | + sysctl -q -w "net.bridge.bridge-nf-call-iptables=0" | |
| 26 | fi | |
| 27 | } | |
| 28 |