[Hardy] overzealous masquerading affects vm to vm traffic

This is already fixed in upstream (in the manner the reporter suggests); see commit d175caad25a4e80800d5e7e7d8c9d920a88b78e1 from git://git.et.redhat.com/libvirt.git, attached.

I've applied that patch to libvirt0 0.4.0-2ubuntu8. It applies cleanly except for a reject on the changelog, and it does fix the problem.

(I ran across this trying to set up a virtual gfs2 cluster for testing; it failed because cluster nodes rejected traffic that (due to thbe unnecessary masquerading) appeared to come from the host instead of the other (guest) cluster nodes.)

Just trying to make progress, I figured I'd follow the instructions from https://wiki.ubuntu.com/PackagingGuide/Recipes/Debdiff; results attached. Any chance someone could apply this? It's a trivial change, and fixes an annoying bug.

Heya Bruce,

Thanks for packaging the patch as a debdiff, that helps.

I see this is already fixed in Jaunty, so I'll close the development task for that.

Because Hardy is already released, the process for getting changes into it involves a bit more paperwork, and requires structuring the debdiffs slightly differently. They are targeted to 'hardy-proposed' instead of 'hardy', and the version numbering increments by .1's. I fixed up your debdiff accordingly and include it for your review.

I've also gone ahead and uploaded the fix to hardy-proposed so it'll be available for testing.

The 'paperwork' is described at https://wiki.ubuntu.com/StableReleaseUpdates - basically the process is to help ensure changes that go out to everyone are 100% regression free and fix issues that really do need fixed. I'll fill out the bits I know, could you please fill in the remaining blanks? That part is necessary (along with testing) in order to get the fix approved to move from hardy-proposed to hardy.

Oh also, once you've finished updating the description, please subscribe "ubuntu-sru" to this bug, via the "Subscribe someone else" link at the top right. That will move the bug into the reviewer queue for getting it into hardy.

Ah, so that was the corresponding bug to the package which I just rejected. Please reupload with a bug ref in the changelog (LP: #227837).

Accepted libvirt into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Anyone who can test the proposed package?

Tested this on a fresh hardy server. I can confirm that the fix works.

Created two kqemu-accelerated instances in libvirt. Without the version from proposed packages between the two instances are routed through the host; with the version from proposed, they are now send directly. Tested pinging both the host and external sites from the instances, and can confirm that this also still works as expected.

This bug was fixed in the package libvirt - 0.4.0-2ubuntu8.2

---------------
libvirt (0.4.0-2ubuntu8.2) hardy-proposed; urgency=low

  * masquerade-only-outbound-traffic.patch:
    - Ensure masquerading rule only catches traffic leaving the virtual
      network, and not traffic inside it. (Backported from commit
      d175caad25a4e80800d5e7e7d8c9d920a88b78e1 of
      git://git.et.redhat.com/libvirt.git.) (LP: #227837).
 -- <email address hidden> (J. Bruce Fields) Sun, 05 Oct 2008 15:13:50 -0400