[libvirt] [PATCH] nwfilter: do not create ebtables chain unnecessarily
Stefan Berger
stefanb at linux.vnet.ibm.com
Fri Dec 16 20:46:22 UTC 2011
If only iptables rules are created then two unnecessary ebtables chains
are also created. This patch fixes this.
The chains had been cleaned up properly when the interface disappeared,
though.
---
src/nwfilter/nwfilter_ebiptables_driver.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
Index: libvirt-iterator/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-iterator.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-iterator/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3622,10 +3622,12 @@ ebiptablesApplyNewRules(const char *ifna
NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
/* create needed chains */
- if (ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
- &ebtChains, &nEbtChains) < 0 ||
- ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_out_set, 0,
- &ebtChains, &nEbtChains) < 0) {
+ if ((virHashSize(chains_in_set) > 0 &&
+ ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
+ &ebtChains, &nEbtChains) < 0) ||
+ (virHashSize(chains_out_set) > 0 &&
+ ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_out_set, 0,
+ &ebtChains, &nEbtChains) < 0)) {
goto tear_down_tmpebchains;
}
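Review bot: The new `virHashSize(chains_in_set) > 0` and `virHashSize(chains_out_set) > 0` guards in the condition cover only chain creation, and nothing visible in this hunk shows that the later steps of ebiptablesApplyNewRules, or the `tear_down_tmpebchains` path, tolerate a temporary root chain that was never created. Please confirm that the code which links, renames or removes the temporary chains either applies the same emptiness check or fails harmlessly when the chain is absent; otherwise an iptables-only filter could turn a cosmetic leftover into a failed rule application. It would also help to extend the `/* create needed chains */` comment to say that an empty chain set means no ebtables rules exist for that direction, so the reason for the guard is clear to the next reader.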