RE: What to do about Realtek RTL8125 RTL8126 RTL8127 drivers

I've had this thread in my TODO list for long.

I'm not sure what the different options we have mean for users.

As r8125-module is installed by default, we'll want to avoid breaking it for existing users. Would using the new code risk causing regressions? Maybe that's what you meant but I'm not sure. Does our current r8125 driver support both 8125 and 8126, and not 8127? Or just 8125?

If we can't update the driver without causing regressions, then can we offer an alternate driver based on the new code for each chip (8125, 8126, 8127), and what amount of work might this represent?

The target would be XCP-ng 8.3. In XCP-ng 9.0 we'll have a newer kernel and newer drivers anyway.

CCing @Team-Hypervisor-Kernel for their opinion.

Hi @Andrew,

Thanks for the report. I'm seeing the same on my end, so I'll pass this along to the developers.

Dan

@olivierlambert Correct, it switches to Enterprise and then locks up because there isn't a license attached. Switching to the Stable release channel resolves the issue so that it is again running a valid XOA Free.

FWIW, I've verified this bug on XOA Free when on the Latest release channel.

@Lhoust I checked but was unable to locate a new ticket from you. I recommend going to https://vates.tech/contact/ and submit your inquiry from there. Be sure to provide the support tunnel ID if possible.

@olivierlambert said in Limiting access to xo-lite to a specific IP address or ssubnet:

About iptables, there's /etc/sysconfig/iptables but I'm not sure it's the right place to put manual modification, that's why I pinged the @Team-OS-Platform-Release

In a way that's the right place, but one needs to be careful with modifications there.

This changes nothing regarding brute-forcing. XAPI still listens to RPC requests on port 443.

Without changing iptables rules (that's not very flexible and could conflict with XAPI's handling of the rules), there's a way to disable the webserver.

https://docs.xcp-ng.org/management/manage-locally/xo-lite/#disabling-xo-lite