From: Gabriel Goller <g.goller@proxmox.com>
To: Christoph Heiss <c.heiss@proxmox.com>
Cc: pve-devel@lists.proxmox.com
Subject: Re: [pve-devel] [PATCH ve-rs/firewall/qemu-server/manager/docs v4 00/14] fix #5180: migrate conntrack state on live migration
Date: Mon, 21 Jul 2025 16:49:18 +0200 [thread overview]
Message-ID: <lhkfemuz6su7xvxsjvpxa2x5q7hhc6kff5nual2nlq2zvkthwf@fmsnvre2hokt> (raw)
In-Reply-To: <20250717141530.1471199-1-c.heiss@proxmox.com>
Gave this a quick spin:
I think you forgot to add the NAT limitations to the docs? That's IMO
quite important to add — maybe even in a "WARNINGS" box. Maybe we could
also add this somewhere in the "Migrate" window?
Sometimes when clicking on 'Migrate' the pre-selected node shows "Cannot
migrate conntrack state, target node is lacking support. ...", although
it should work. Selecting another node, then going back to the original
one makes the warning go away. Also sometimes when the node does not
support migrating conntrack, the warnings is not shown. This might just
be a UI fluke/reloading issue, but haven't looked at the code yet...
Otherwise everything works well, the conntrack states are corectly moved
to the other nodes and the connection is not dropped even when the
firewall denies everything on input!
PS: you forgot to add the tested-by and reviewed-by trailers from stefan :)
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-07-21 14:48 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-17 14:15 Christoph Heiss
2025-07-17 14:15 ` [pve-devel] [PATCH proxmox-ve-rs v4 01/14] config: guest: allow access to raw Vmid value Christoph Heiss
2025-07-17 19:00 ` [pve-devel] applied: " Thomas Lamprecht
2025-07-17 14:15 ` [pve-devel] [PATCH proxmox-firewall v4 02/14] firewall: add connmark rule with VMID to all guest chains Christoph Heiss
2025-07-17 14:15 ` [pve-devel] [PATCH firewall v4 03/14] " Christoph Heiss
2025-07-17 14:15 ` [pve-devel] [PATCH firewall v4 04/14] firewall: helpers: add sub for flushing conntrack entries by mark Christoph Heiss
2025-07-17 14:15 ` [pve-devel] [PATCH qemu-server v4 05/14] qmp helpers: allow passing structured args via qemu_objectadd() Christoph Heiss
2025-07-17 14:15 ` [pve-devel] [PATCH qemu-server v4 06/14] api2: qemu: add module exposing node migration capabilities Christoph Heiss
2025-07-17 14:15 ` [pve-devel] [PATCH qemu-server v4 07/14] fix #5180: dbus-vmstate: add daemon for QEMUs dbus-vmstate interface Christoph Heiss
2025-07-17 14:15 ` [pve-devel] [PATCH qemu-server v4 08/14] fix #5180: migrate: integrate helper for live-migrating conntrack info Christoph Heiss
2025-07-17 14:15 ` [pve-devel] [PATCH qemu-server v4 09/14] migrate: flush old VM conntrack entries after successful migration Christoph Heiss
2025-07-17 14:15 ` [pve-devel] [PATCH manager v4 10/14] api2: capabilities: explicitly import CPU capabilities module Christoph Heiss
2025-07-17 21:28 ` [pve-devel] applied: " Thomas Lamprecht
2025-07-17 14:15 ` [pve-devel] [PATCH manager v4 11/14] api2: capabilities: proxy index endpoints to respective nodes Christoph Heiss
2025-07-17 21:28 ` [pve-devel] applied: " Thomas Lamprecht
2025-07-17 14:15 ` [pve-devel] [PATCH manager v4 12/14] api2: capabilities: expose new qemu/migration endpoint Christoph Heiss
2025-07-17 14:15 ` [pve-devel] [PATCH manager v4 13/14] ui: window: Migrate: add checkbox for migrating VM conntrack state Christoph Heiss
2025-07-17 14:15 ` [pve-devel] [PATCH docs v4 14/14] qm: document conntrack state migration for live migrations Christoph Heiss
2025-07-21 14:49 ` Gabriel Goller [this message]
2025-07-30 9:33 ` [pve-devel] [PATCH ve-rs/firewall/qemu-server/manager/docs v4 00/14] fix #5180: migrate conntrack state on live migration Christoph Heiss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=lhkfemuz6su7xvxsjvpxa2x5q7hhc6kff5nual2nlq2zvkthwf@fmsnvre2hokt \
--to=g.goller@proxmox.com \
--cc=c.heiss@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox