EL6 Xen Dom0 kernel gets mirrors!


In a bid to provide better service to people using my repo for Xen Dom0 kernels for EL6, I've put in place two mirror sites which yum will be able to use. I recommend to everyone using my repo to install the yum-plugin-fastestmirror plugin for yum and to also redownload /etc/yum.repos.d/kernel-xen.repo from here. If you are able to offer a stable mirror for this repository in another country, please email me!

Xen Dom0 kernel update & new -devel packages


Rebuild based on 2.6.32.55 kernel version. Changelogs are as follows:

* Tue Feb 07 2012 Steven Haigh
- Re-enable all but the digitv USB DVB modules. Sadly, digitv still fails to build.
- Minor tweak of the kernel-xen-devel package.
* Wed Feb 01 2012 Steven Haigh
- Attempt to create kernel-xen-devel package able to build modules from.

There has been success in building the drbd kernel module against this kernel-xen-devel package - so hopefully others should be buildable without too many issues as well. I've also included a new bridge-utils package that removes the errors associated with the stock EL6 bridge-utils when doing brctl show.

Xen kernel testers required


Ok, so I've had quite a few requests to get a kernel-xen-devel package happening so people can build third party kernel modules against my Xen Dom0 kernel. Now I *think* that I've got this sorted out - but before I inflict it on the world I'd like to get a few testers to check if it works at all. It seems the most common request is to build the drbd module from somewhere (not quite sure where). As such, I'm hunting for at least one or two people that can install my kernel RPMs + the kernel-xen-devel package and see if they succeed in building third party modules, then let me know if it works or not. Email me if you're able to help!

Network antispoof with Xen 4.x


I've recently set up a new Xen Dom0 for use by a lot of people - many of whom I may not know very well. This being the case, I want to make sure that people behave and don't take more than they are allocated. The big thing that I needed to solve was people just taking IP addresses out of the /24 assigned to the server. Xen 3.4.1 had a working solution, however it seems to be completely broken in 4.x. So, to solve this, I found that you can do some magic in iptables to give the same result.

1) Enable iptables on bridging interfaces in /etc/sysctl.conf:

      net.bridge.bridge-nf-call-iptables = 1

Then reload the file using sysctl -p

2) Write the rules in /etc/sysconfig/iptables:

      *filter
      :INPUT ACCEPT [26:2197]
      :FORWARD ACCEPT [0:0]
      :OUTPUT ACCEPT [444:63703]
      -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
      -A INPUT -i eth0 -p icmp -j ACCEPT
      -A INPUT -i eth0 -j REJECT --reject-with icmp-host-prohibited
      -A FORWARD -d 192.168.1.0/24 -j ACCEPT
      -A FORWARD -s 192.168.1.10/32 -m mac --mac-source 11:22:33:44:55:66 -j ACCEPT
      -A FORWARD -s 192.168.1.11/32 -m mac --mac-source 11:22:33:44:55:67 -j ACCEPT
      -A FORWARD -j DROP
      COMMIT

3) When you set up the DomU config file in /etc/xen, alter your vif line to specify the MAC address:

      vif = [ 'mac=11:22:33:44:55:66,bridge=br0' ]

Now for the explanation. When a packet gets sent TO the DomU, the destination rule is hit and the packet flows TO the DomU. When the DomU replies, if its MAC address doesn't match the one in --mac-source, then the packet is dropped. The added benefit here is that as we DROP everything else, if the DomU tries to change IP or grab an IP not associated with a MAC, the packets will just get dropped. Sadly, there's nothing you can do to stop people from using other entries you put on the list - however it does stop random resource grabs for IPs.
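An added example, not part of the original post: a small Python evaluator that walks the FORWARD rules above in order, first match wins, and reports the verdict for the cases the explanation describes. The packets, the outside address 203.0.113.5 and the MAC 00:16:3e:aa:bb:cc are constructed sample values, and the parser is a simplification that handles only the option forms used in this ruleset.

```python
import ipaddress

# FORWARD rules copied from the post's ruleset.
RULES = """\
-A FORWARD -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -s 192.168.1.10/32 -m mac --mac-source 11:22:33:44:55:66 -j ACCEPT
-A FORWARD -s 192.168.1.11/32 -m mac --mac-source 11:22:33:44:55:67 -j ACCEPT
-A FORWARD -j DROP
"""

def parse_rules(text):
    """Parse '-A FORWARD' lines; only the option forms used above are handled."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "FORWARD"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # every option here takes one value
        rules.append({
            "src": ipaddress.ip_network(opts["-s"]) if "-s" in opts else None,
            "dst": ipaddress.ip_network(opts["-d"]) if "-d" in opts else None,
            "mac": opts.get("--mac-source", "").lower() or None,
            "target": opts["-j"],
        })
    return rules

def verdict(rules, src_ip, dst_ip, src_mac, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if ((r["src"] is None or src in r["src"])
                and (r["dst"] is None or dst in r["dst"])
                and (r["mac"] is None or src_mac.lower() == r["mac"])):
            return r["target"]
    return policy

FORWARD = parse_rules(RULES)
# Constructed packets: (source IP, destination IP, source MAC).
CASES = {
    "to DomU from outside": ("203.0.113.5", "192.168.1.10", "00:16:3e:aa:bb:cc"),
    "DomU reply, own IP and MAC": ("192.168.1.10", "203.0.113.5", "11:22:33:44:55:66"),
    "DomU changes to unlisted IP": ("192.168.1.50", "203.0.113.5", "11:22:33:44:55:66"),
    "DomU uses listed IP, wrong MAC": ("192.168.1.11", "203.0.113.5", "11:22:33:44:55:66"),
    "DomU uses another listed pair": ("192.168.1.11", "203.0.113.5", "11:22:33:44:55:67"),
}

if __name__ == "__main__":
    for name, pkt in CASES.items():
        print(f"{name:32} {verdict(FORWARD, *pkt)}")
```

The last case is the limitation noted above: a packet carrying another listed IP and MAC pair matches that entry's rule and is accepted.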

What's happened to the last few months?


Ok, so I've neglected to put a lot of news up here lately...

1) kernel-xen packages have been updated to 2.6.32.50.

2) Started up a new photography site to try and get some great images to people. I really enjoy taking photos, but DAMN the equipment is expensive. I'm hoping to invest anything made on that site back into equipment to take more photos etc.

3) Damn, Christmas AND New Years has passed. It was the first real Christmas dinner with family and friends that I'd been a part of in my own home for waaay too long. Emma really pulled it all together and I couldn't have done any of it without her.

EL6 Xen kernel updates


I've just posted some new kernel-xen RPMs based on 2.6.32.46. Changelog:

* Sat Sep 17 2011 Steven Haigh 
- Revert "xen/apic: Provide an 'apic_xen' to set the override the apic->[read|write] for all cases."
- Merged in 2.6.32.46 fixes:
      igb: Fix lack of flush after register write and before delay
      fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message
      drm/ttm: fix ttm_bo_add_ttm(user) failure path
      x86, UV: Remove UV delay in starting slave cpus
      x86-32, vdso: On system call restart after SYSENTER, use int $0x80
      futex: Fix regression with read only mappings
      ALSA: ac97: Add HP Compaq dc5100 SFF(PT003AW) to Headphone Jack Sense whitelist
      ALSA: snd_usb_caiaq: track submitted output urbs
      befs: Validate length of long symbolic links.
      fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops
      perf tools: do not look at ./config for configuration
      mm: fix wrong vmap address calculations with odd NR_CPUS values
      ALSA: snd-usb-caiaq: Correct offset fields of outbound iso_frame_desc
      hwmon: (ibmaem) add missing kfree
      atm: br2864: sent packets truncated in VC routed mode
      USB: Serial: Added device ID for Qualcomm Modem in Sagemcom's HiLo3G
      USB: usb-storage: unusual_devs entry for ARM V2M motherboard.
      USB: assign instead of equal in usbtmc.c
      USB: xhci: fix OS want to own HC
The guide can be found here.

The future - It's going to be a wild ride.


For a long time now, I've been seeing the effect of technology on everyday life. This is a great video on how technology is causing a very disruptive shift in how we view the world, what it means, and how the next generation will live.

To me, this is one of the best reasons on earth that we should be building the NBN in Australia. The future of having fibre to everywhere will give us a mass of opportunity to live in the new economy in 20-30 years time.

Kernel-xen & xen updates


Just posted an update to both kernel-xen and the xen packages. Xen changelog:

* Sun Aug 14 2011 Michael Young - 4.1.1-3
- untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]

kernel-xen changelog:

* Fri Aug 19 2011 Steven Haigh
! Note: USB-DVB still seems to be broken.
- commit 'v2.6.32.45':
      - Linux 2.6.32.45
      - powerpc: pseries: Fix kexec on machines with more than 4TB of RAM
      - powerpc: Fix device tree claim code
      - ALSA: snd-usb-caiaq: Fix keymap for RigKontrol3
      - ALSA: timer - Fix Oops at closing slave timer
      - net: Compute protocol sequence numbers and fragment IDs using MD5.
      - crypto: Move md5_transform to lib/md5.c

Details on how to use these packages and set up a repository are available on the EL6 and Xen howto guide.

Kernel-xen updates


Have just finished posting a new kernel-xen to the repo. Changes:

* Sun Aug 14 2011 Steven Haigh 
- Disabled module creation for USB DVB tuners due to errors on compile. This
  will affect all DVB tuners using the dvb-usb module.
  I would assume most people who run this kernel won't use USB tuners on Dom0.
- Merged in 2.6.32.44