Dan Kenigsberg has posted comments on this change. Change subject: Sysctl to allow iSCSI multipath with multiple NICs in the same subnet ......................................................................
Patch Set 7: Code-Review-1 (1 comment) http://gerrit.ovirt.org/#/c/31529/7/vdsm/vdsm-sysctl.conf File vdsm/vdsm-sysctl.conf: Line 13: # configuration, reverse path filtering must be loosened with "rp_filter=2" Line 14: # (using "default" so an admin can override it per interface if needed) Line 15: net.ipv4.conf.default.arp_ignore = 1 Line 16: net.ipv4.conf.default.arp_announce = 2 Line 17: net.ipv4.conf.default.rp_filter = 2 According to http://www.ietf.org/rfc/rfc3704.txt (section 2.4) loose mode has security disadvantages. If an untrusted VM is connected to a bridge with an IP address and with this setting, the VM could DoS the host by sending it packages with spoofed random sources. It would be more prudent to set loose mode only on specific interfaces that need it - though doing so properly may be a bit tedious. -- To view, visit http://gerrit.ovirt.org/31529 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ibf93d49317c76aece764e53e58e0ff28868f16b0 Gerrit-PatchSet: 7 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Amador Pahim <apa...@redhat.com> Gerrit-Reviewer: Amador Pahim <apa...@redhat.com> Gerrit-Reviewer: Antoni Segura Puimedon <asegu...@redhat.com> Gerrit-Reviewer: Dan Kenigsberg <dan...@redhat.com> Gerrit-Reviewer: Nir Soffer <nsof...@redhat.com> Gerrit-Reviewer: Sergey Gotliv <sgot...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ vdsm-patches mailing list vdsm-patches@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
