On 8/3/12 2:37 PM, "David Nalley" <da...@gnsa.us> wrote:
>On Fri, Aug 3, 2012 at 5:21 PM, Edison Su <edison...@citrix.com> wrote:
>> We can put the binary into somewhere, but in the source code.
>>
>>> -----Original Message-----
>>> From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com]
>>> Sent: Friday, August 03, 2012 2:13 PM
>>> To: CloudStack DeveloperList
>>> Subject: Re: IPtables deb in source repo
>>>
>>> However this means that if someone wants to build a system vm themselves
>>> (to add new packages for example), this fix will not be available.
>>>
>>> On 8/3/12 1:43 PM, "Edison Su" <edison...@citrix.com> wrote:
>>>
>>> >From the git log:
>>> >commit aeda3f3a1c64efa1deb34f7fcb280e4155c4fe7d
>>> >Author: Sheng Yang <sheng.y...@cloud.com>
>>> >Date: Wed Dec 28 17:35:09 2011 -0800
>>> >
>>> >    bug 11056: Add customized iptables and kernel modules to the system template
>>> >
>>> >    The new kernel module xt_CHECKSUM.ko is based on [1], and back ported to 2.6.32
>>> >    kernel. New iptables is based on adding a new extension from [2].
>>> >
>>> >    [1] https://lwn.net/Articles/396466/
>>> >    [2] https://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=9d1b11102b53103c00b7fddf4658a4d2bdee1338
>>> >
>>> >    status 11056: resolved fixed
>>> >
>>> >It fixes bug http://bugs.cloud.com/show_bug.cgi?id=11056, that
>>> >debian/ubuntu client can't get ip address in some cases.
>>> >It's ok to remove it from source tree, as the patched iptable binary
>>> >itself is already installed in system vm template.
>
>Did we upstream the patch to debian?
>How will people generate new systemVMs without this (or will it just
>be broken for them)
>
>--David

I believe it is already in Debian wheezy, so this is actually a backport.
Debian backports kernel for Squeeze broke something else (will have to dig it up), so we couldn't use the backports kernel.

What will break for folks is that:
- if they have an Ubuntu/Debian VM co-hosted on the same Xen hypervisor as the virtual router then DHCP fails. The workaround is to patch their dhclient from the CentOS repository.