On Thu, Jul 12, 2012 at 09:17:11PM -0700, Ben Pfaff wrote:
> Debian kernel maintainer Bastian Blank writes, at
> http://bugs.debian.org/680537:
>
> The netfilter rules are a shared resource. There is no synchronization,
> so the admin has the last word. As kernel maintainer, I see it similar
> to a configuration file, so §10.7 policy applies.
>
> The purpose of openvswitch is to provide support for switching, not to
> set up filter rules. This means it violates the principle of least
> surprise.
>
> I believe that the argument by analogy to configuration files is weak,
> given that the Debian policy section in question is very specifically about
> files, not about general principles. On the other hand, Debian does not
> install any firewall by default, so the presence of a rule that blocks GRE
> traffic is a sign that the administrator has taken an explicit action to
> install a firewall that blocks GRE, and therefore it is rather rude to
> override this. Therefore, this patch simply turns off this behavior on
> Debian, given that in ordinary Debian installations it will have no
> adverse effect on Open vSwitch.

FWIW, I am in complete agreement with Ben on this.

> Debian bug #680537.
> CC: 680...@bugs.debian.org
> Reported-by: Bastian Blank <wa...@debian.org>
> Signed-off-by: Ben Pfaff <b...@nicira.com>
> --- > debian/openvswitch-switch.init | 2 -- > 1 files changed, 0 insertions(+), 2 deletions(-) > > diff --git a/debian/openvswitch-switch.init b/debian/openvswitch-switch.init > index 3c93720..f650f87 100755 > --- a/debian/openvswitch-switch.init > +++ b/debian/openvswitch-switch.init > @@ -72,8 +72,6 @@ start () { > fi > set "$@" $OVS_CTL_OPTS > "$@" || exit $? > - > - ovs_ctl --protocol=gre enable-protocol > } > > stop () { > -- > 1.7.2.5
>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
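
Review bot: With the `ovs_ctl --protocol=gre enable-protocol` call gone from the end of start(), nothing in this one-file patch tells an administrator whose firewall blocks GRE that Open vSwitch will no longer open it for them. A short comment in start(), or a line in the package documentation, saying that the init script leaves netfilter alone and that GRE has to be allowed by the admin where a firewall is installed, would make the new behaviour discoverable. The removal itself matches the reasoning in the commit message: the firewall policy stays with whoever configured it.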