[Pkg-xen-devel] Bug#894013: xen-utils-common: issue with iptables antispoofing rules in xen4.8 generated by vif-bridge and vif-common.sh

Hans van Kranenburg hans at knorrie.org
Thu Jan 3 23:01:45 GMT 2019


On 1/3/19 11:46 PM, Hans van Kranenburg wrote:
> Hi,
> 
> On 11/6/18 10:30 PM, Sebastian Piecha wrote:
>> The patch file has a little bug as I commented out the else branch in
>> the last if section. Now it works again...
>>
>> [...]
> 
> I think we should move this discussion to (or extend to) upstream Xen
> development. If you want, please do so by starting a topic on the
> xen-users mailing list, summarize things a bit and refer to the url of
> the Debian bug.
> 
> [...]

Ahem, I see that already happened, and that is how the story started. :)

So, taking it to the next level... Getting this forward is more likely
to happen with a proposed working alternative implementation as
patch-set to the xen-devel list.

There seems not to be much interest in this by default, and only
complaining that things don't work often doesn't improve that situation.

I still think proper anti-spoofing behaviour out of the box would be a
really nice thing. But, as we've seen already, it's not trivial because
the dom0 needs to have all kinds of information about what's happening
inside the domU it starts.

Hans


