mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 13:45:38 +00:00
7581e3b6d5
This reverts commit 42ab0148dd
.
This patch was supposed to fix the checksum of dhcp response packets
by setting it to 0 (because having a non-0 but incorrect checksum was
causing the packets to be droppe on FreeBSD guests).
Early testing was positive, but after the patch was pushed upstream
and more people could test it, it turned out that while it fixed the
dhcp checksum problem for virtio-net interfaces on FreeBSD and
OpenBSD, it also *broke* dhcp checksums for the e1000 emulated NIC on
*all* guests (but not e1000e).
So we're reverting this fix and looking for something more universal
to be included in the next release.
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
145 lines
1.4 KiB
Plaintext
145 lines
1.4 KiB
Plaintext
nft \
|
|
-ae insert \
|
|
rule \
|
|
ip \
|
|
libvirt_network \
|
|
guest_output \
|
|
iif \
|
|
virbr0 \
|
|
counter \
|
|
reject
|
|
nft \
|
|
-ae insert \
|
|
rule \
|
|
ip \
|
|
libvirt_network \
|
|
guest_input \
|
|
oif \
|
|
virbr0 \
|
|
counter \
|
|
reject
|
|
nft \
|
|
-ae insert \
|
|
rule \
|
|
ip \
|
|
libvirt_network \
|
|
guest_cross \
|
|
iif \
|
|
virbr0 \
|
|
oif \
|
|
virbr0 \
|
|
counter \
|
|
accept
|
|
nft \
|
|
-ae insert \
|
|
rule \
|
|
ip \
|
|
libvirt_network \
|
|
guest_output \
|
|
ip \
|
|
saddr \
|
|
192.168.122.0/24 \
|
|
iif \
|
|
virbr0 \
|
|
counter \
|
|
accept
|
|
nft \
|
|
-ae insert \
|
|
rule \
|
|
ip \
|
|
libvirt_network \
|
|
guest_input \
|
|
oif \
|
|
virbr0 \
|
|
ip \
|
|
daddr \
|
|
192.168.122.0/24 \
|
|
ct \
|
|
state \
|
|
related,established \
|
|
counter \
|
|
accept
|
|
nft \
|
|
-ae insert \
|
|
rule \
|
|
ip \
|
|
libvirt_network \
|
|
guest_nat \
|
|
ip \
|
|
saddr \
|
|
192.168.122.0/24 \
|
|
ip \
|
|
daddr \
|
|
'!=' \
|
|
192.168.122.0/24 \
|
|
counter \
|
|
masquerade
|
|
nft \
|
|
-ae insert \
|
|
rule \
|
|
ip \
|
|
libvirt_network \
|
|
guest_nat \
|
|
meta \
|
|
l4proto \
|
|
udp \
|
|
ip \
|
|
saddr \
|
|
192.168.122.0/24 \
|
|
ip \
|
|
daddr \
|
|
'!=' \
|
|
192.168.122.0/24 \
|
|
counter \
|
|
masquerade \
|
|
to \
|
|
:1024-65535
|
|
nft \
|
|
-ae insert \
|
|
rule \
|
|
ip \
|
|
libvirt_network \
|
|
guest_nat \
|
|
meta \
|
|
l4proto \
|
|
tcp \
|
|
ip \
|
|
saddr \
|
|
192.168.122.0/24 \
|
|
ip \
|
|
daddr \
|
|
'!=' \
|
|
192.168.122.0/24 \
|
|
counter \
|
|
masquerade \
|
|
to \
|
|
:1024-65535
|
|
nft \
|
|
-ae insert \
|
|
rule \
|
|
ip \
|
|
libvirt_network \
|
|
guest_nat \
|
|
ip \
|
|
saddr \
|
|
192.168.122.0/24 \
|
|
ip \
|
|
daddr \
|
|
255.255.255.255/32 \
|
|
counter \
|
|
return
|
|
nft \
|
|
-ae insert \
|
|
rule \
|
|
ip \
|
|
libvirt_network \
|
|
guest_nat \
|
|
ip \
|
|
saddr \
|
|
192.168.122.0/24 \
|
|
ip \
|
|
daddr \
|
|
224.0.0.0/24 \
|
|
counter \
|
|
return
|