From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 44A11607D4 for ; Sun, 18 Oct 2020 17:07:27 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 35A7025D56 for ; Sun, 18 Oct 2020 17:07:27 +0200 (CEST) Received: from mail-lf1-x141.google.com (mail-lf1-x141.google.com [IPv6:2a00:1450:4864:20::141]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 9BC8925D49 for ; Sun, 18 Oct 2020 17:07:25 +0200 (CEST) Received: by mail-lf1-x141.google.com with SMTP id r127so9889564lff.12 for ; Sun, 18 Oct 2020 08:07:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=odiso-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-transfer-encoding; bh=MP0Sz5Ekwr+6zOzvswBWqLk2BBxMk8/N2DOPghGLSuI=; b=EPjMTYZ8/mBCwZVDm3d7zel5yHyZutCnmqzIVlKSqTWi5xSUt8rQYapH79pQsxijeN pCcRCCGSali63B1bdiZ7eSAjxUCS4Vnq2S3eW0KdM2gvjHsb7W3yc9lNSzJNnaCxOwQd iSpVpg3mfOHTituVp24ZWjAehCT48ID1S7YNgR3G5+piHBuyVSeCbpyil/ea+bwNsORR P6+bkFV3QVrVF2sZ08zQvrtDDkX3599Npg6lv8EVve9GGKpDKXxM2zHKVUq+44vcVeX9 WgUd2AMPC+1Xd0pgM4TryJbkSBYTnkqPg1Fjlwl1VZ24e19SRGwe6qHyuzzfAYGy2vcK pdBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-transfer-encoding; bh=MP0Sz5Ekwr+6zOzvswBWqLk2BBxMk8/N2DOPghGLSuI=; b=XS0YiXOPY3XuQLoRcN/eWyQNim1WWibP91DAO6udou4qlBQzg2+P5YvTb7aLsGQ+FE zNIq8Dfp6hVS4sSTmUfRVtDBGhH8Dw2jsLPH5GyVeQBxxAOhM75YC4PeIRuoW8hNE/gk WfsMA4XBfJd+HNtKJD9Sfv1N/SeipcuOwvvIbT7p4+oY/AV1uvn1xyw9e6pZiZlghJQ9 Zw/ppON5YMOSastmcoE1UByR2C5ALU4keBqbTM0ufW4qrlUDaGzLwMmn0UpmexugIJQ5 8d7t96M3j4JIr7O4j7LrimGJHnA9bZMMy4J0Vxm+h7NHtETNXVHPJ5QQUoM44Y1MiLu+ juyw== X-Gm-Message-State: AOAM530fkmjK6P/wafJ7ii95ypCLMa/OJYWlfMvcMoiFUJn2CbwaHKAT GWS+Pms6CNYSlsnAeADHjEYVh8bBLluBEKa8tMC+yrkrQtSc/Vkn X-Google-Smtp-Source: ABdhPJzxZZxmdR+gb8XrbLZ1Vaii1zxfpNvjlwAtGEnMBwUL/VDd0yKnEOV7LhcBLduoBSmALEK3PDqXJTKmuAbDMcc= X-Received: by 2002:a19:5e5c:: with SMTP id z28mr4319637lfi.528.1603033638543; Sun, 18 Oct 2020 08:07:18 -0700 (PDT) MIME-Version: 1.0 References: <20201016132417.5175-1-m.limbeck@proxmox.com> <20201016132417.5175-3-m.limbeck@proxmox.com> In-Reply-To: <20201016132417.5175-3-m.limbeck@proxmox.com> From: Alexandre Derumier Date: Sun, 18 Oct 2020 17:07:07 +0200 Message-ID: To: Proxmox VE development discussion Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL 0.000 Adjusted score from AWL reputation of From: address DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com, qemumigrate.pm] Subject: Re: [pve-devel] [PATCH qemu-server] copy conntrack information on migration X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Oct 2020 15:07:27 -0000 I don't have checked the code, but does "'/usr/bin/pve-conntrack-tool', 'dump'" only dump vm conntrack, or all the host conntrack table ? (Not sure how it could be possible for only vm currently, but if we implement different conntrack zones for each vm, it could be easy) Le ven. 16 oct. 2020 =C3=A0 15:24, Mira Limbeck a = =C3=A9crit : > > Requires the pve-conntrack-tool. On migration the conntrack information > from the source node is dumped and sent to the target node where it is > then inserted. > This helps with open connections during migration when the firewall is ac= tive. > > Signed-off-by: Mira Limbeck > --- > PVE/QemuMigrate.pm | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm > index 11fec4b..a4e24f7 100644 > --- a/PVE/QemuMigrate.pm > +++ b/PVE/QemuMigrate.pm > @@ -1065,6 +1065,9 @@ sub phase2 { > die "unable to parse migration status '$stat->{status}' - abo= rting\n"; > } > } > + > + $self->log('info', 'copy conntrack information'); > + PVE::Tools::run_command([['/usr/bin/pve-conntrack-tool', 'dump'], [@= {$self->{rem_ssh}}, '/usr/bin/pve-conntrack-tool', 'insert']]); > } > > sub phase2_cleanup { > -- > 2.20.1 > > > > _______________________________________________ > pve-devel mailing list > pve-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel >