<div dir="ltr"><div><div>OK, now I'm confused.<br><br></div>For MacSpoofing we per default don't have the "macspoof" feature in the engine am I right ?<br><br></div>To get that... you need to set:<br><br>
<pre>engine-config -s EnableMACAntiSpoofingFilterRules=false --cver=3.X<br><br></pre><pre>But no hook needs to be installed for this ? I don't have ping at the momment with macspoof set on true on a VM.<br></pre><br></div>
<div class="gmail_extra"><br><br><div class="gmail_quote">2014-05-15 12:35 GMT+02:00 Itamar Heim <span dir="ltr"><<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="">On 05/15/2014 04:26 AM, Matt . wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Itamar,<br>
<br>
On some testhost I'm updating now to 3.4(.x) I also need to install the<br>
hook it seems... it's not there by default.<br>
<br>
Any idea why you thought it should be ?<br>
</blockquote>
<br></div>
there is no need for the hook for port mirroring. you can define a vnic profile with port mirroring via the engine and vdsm has this feature built-in.<br>
<br>
if you need more than just port mirroring (say, port forwarding), then you still need the hook.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">
<br>
Cheers,<br>
<br>
Matt<br>
<br>
<br>
2014-05-12 14:55 GMT+02:00 Matt . <<a href="mailto:yamakasi.014@gmail.com" target="_blank">yamakasi.014@gmail.com</a><br></div>
<mailto:<a href="mailto:yamakasi.014@gmail.com" target="_blank">yamakasi.014@gmail.com</a><u></u>>>:<div class=""><br>
<br>
Hi,<br>
<br>
I really needed to enable the hook... Will investigate on new hosts!<br>
<br>
<br>
2014-05-11 22:37 GMT+02:00 Itamar Heim <<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a><br></div>
<mailto:<a href="mailto:iheim@redhat.com" target="_blank">iheim@redhat.com</a>>>:<div class=""><br>
<br>
On 04/17/2014 04:08 AM, Matt . wrote:<br>
<br>
Hi Guys,<br>
<br>
I'm not able to write a howto yet as we need to check how<br>
this is<br>
running on high traffic and we are going soon. Than, we need<br>
to test<br>
some other functions before I can actually write something down.<br>
<br>
Because this is not all documented well indeed I'm in<br>
testmode and doing<br>
some @ life system as reallife environments are always<br>
coming with other<br>
things than your prefec test.<br>
<br>
I cannot say I needed promiscuouity, I did some things you would<br>
normally do on pfsense which fixed that part. Some old<br>
message you<br>
really need to discard instead of clicking it away was<br>
confusing this test.<br>
<br>
<br>
<br>
you are not supposed to need the promiscious hook for<br>
sniffing/mirroring - that's by now part of engine/vdsm (at vnic<br>
level in earlier versions, and at network profile in later<br>
versions iirc)<br>
<br>
<br>
<br>
2014-04-17 9:08 GMT+02:00 Dan Kenigsberg <<a href="mailto:danken@redhat.com" target="_blank">danken@redhat.com</a><br>
<mailto:<a href="mailto:danken@redhat.com" target="_blank">danken@redhat.com</a>><br></div>
<mailto:<a href="mailto:danken@redhat.com" target="_blank">danken@redhat.com</a> <mailto:<a href="mailto:danken@redhat.com" target="_blank">danken@redhat.com</a>>>>:<div class=""><br>
<br>
<br>
On Thu, Apr 17, 2014 at 01:11:13AM +0200, Matt . wrote:<br>
> OK, also this is finetuned, but it would be nice to<br>
have some<br>
more info<br>
> about the hooks in these cases... it's interesting<br>
as oVirt has<br>
the right<br>
> settings to start with but we need to know what we<br>
need to set<br>
when we have<br>
> a setup like this for an example.<br>
<br>
Could you explain what you have done, and what do you<br>
need promiscuouity<br>
for? oVirt has "port mirroring" that allows to mirror<br>
ip traffic from<br>
one vm network to another.<br>
<br>
><br>
><br>
> 2014-04-17 0:35 GMT+02:00 Matt .<br>
<<a href="mailto:yamakasi.014@gmail.com" target="_blank">yamakasi.014@gmail.com</a> <mailto:<a href="mailto:yamakasi.014@gmail.com" target="_blank">yamakasi.014@gmail.com</a><u></u>><br></div>
<mailto:<a href="mailto:yamakasi.014@gmail.com" target="_blank">yamakasi.014@gmail.com</a><br>
<mailto:<a href="mailto:yamakasi.014@gmail.com" target="_blank">yamakasi.014@gmail.com</a><u></u>>__>>:<div class=""><br>
<br>
><br>
> > Traffic issues are solved, but the advertising in<br>
not that well.<br>
> ><br>
> > I see on ESXi (vSphere) that you need to enable<br>
"Promiscuous<br>
Mode", but<br>
> > how on oVirt ?<br>
> ><br>
> ><br></div>
<a href="http://www.blissfulidiot.com/__2013/11/using-carp-with-__vmware-esxi.html" target="_blank">http://www.blissfulidiot.com/_<u></u>_2013/11/using-carp-with-__<u></u>vmware-esxi.html</a><div class=""><br>
<<a href="http://www.blissfulidiot.com/2013/11/using-carp-with-vmware-esxi.html" target="_blank">http://www.blissfulidiot.com/<u></u>2013/11/using-carp-with-<u></u>vmware-esxi.html</a>><br>
> ><br>
> > Do I need the vdsm-hook-promisc for it ? as I need<br>
to make real<br>
settings<br>
> > on a VM there I think the vswitch only needs the mode.<br>
> ><br>
> > Information is welcome!<br>
<br>
<br>
<br>
<br></div>
______________________________<u></u>___________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> <mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>><br>
<a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__<u></u>mailman/listinfo/users</a><br>
<<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a>><br>
<br>
<br>
<br>
<br>
</blockquote>
<br>
</blockquote></div><br></div>