[libvirt] [PATCH] only remove masquerade rules in NAT mode

Guido Günther agx at sigxcpu.org
Mon Nov 16 12:36:43 UTC 2009 

On Sun, Nov 15, 2009 at 11:56:37AM -0500, Cole Robinson wrote:
> On 11/13/2009 12:18 PM, Guido Günther wrote:
> > On Thu, Nov 05, 2009 at 08:35:20PM +0100, Guido Günther wrote:
> >> Hi,
> >> attached patch makes sure we only remove the masquerade rules if
> >> forwardType == VIR_NETWORK_FORWARD_NAT and not if forwardType ==
> >> VIR_NETWORK_FORWARD_ROUTE since we don't use them there. This fixes:
> >> 	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549949
> >> O.k. to apply?
> > Does this look sane?
> >  -- Guido
> >>  -- Guido
> > 
> >> >From 84dc7d595fbd0302077aa767a1fcc840f2a25878 Mon Sep 17 00:00:00 2001
> >> From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx at sigxcpu.org>
> >> Date: Thu, 5 Nov 2009 20:28:11 +0100
> >> Subject: [PATCH] only remove masquerade roles for VIR_NETWORK_FORWARD_NAT
> >>
> >> ---
> >>  src/network/bridge_driver.c |   11 +++++------
> >>  1 files changed, 5 insertions(+), 6 deletions(-)
> >>
> >> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
> >> index 95bc810..86ec392 100644
> >> --- a/src/network/bridge_driver.c
> >> +++ b/src/network/bridge_driver.c
> >> @@ -765,16 +765,15 @@ static void
> >>  networkRemoveIptablesRules(struct network_driver *driver,
> >>                           virNetworkObjPtr network) {
> >>      if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE) {
> >> -        iptablesRemoveForwardMasquerade(driver->iptables,
> >> -                                        network->def->network,
> >> -                                        network->def->forwardDev);
> >> -
> >> -        if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT)
> >> +        if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT) {
> >> +            iptablesRemoveForwardMasquerade(driver->iptables,
> >> +                                                network->def->network,
> >> +                                                network->def->forwardDev);
> >>              iptablesRemoveForwardAllowRelatedIn(driver->iptables,
> >>                                                  network->def->network,
> >>                                                  network->def->bridge,
> >>                                                  network->def->forwardDev);
> >> -        else if (network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)
> >> +        } else if (network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)
> >>              iptablesRemoveForwardAllowIn(driver->iptables,
> >>                                           network->def->network,
> >>                                           network->def->bridge,
> >> -- 
> >> 1.6.5.2
> 
> ACK
Pushed now.
 -- Guido

More information about the libvir-list mailing list