author | Laine Stump <laine@laine.org> | 2012-09-21 15:28:11 -0400 |
---|---|---|
committer | Laine Stump <laine@laine.org> | 2012-09-21 20:10:43 -0400 |
commit | 36ba0ee7b911a0f6536d7c4601afb2cc7a0e9d38 (patch) | |
tree | 5f9fb1f5655d8d240fd806bf17fa97dc3d62ee1a | |
parent | Drop unused return value of virLogOutputFunc (diff) | |
network: don't "refresh" iptables rules on rule-less networks

The bridge driver implementation of virNetworkUpdate() removes and
re-adds iptables rules any time a network has an <ip>, <forward>, or
<forward>/<interface> element updated. There are some types of
networks that have those elements and yet have no iptables rules
associated with them, and unfortunately the functions that remove/add
iptables rules don't check the type of network before attempting to
remove/add the rules, sometimes leading to an erroneous failure of the
entire update operation.

Under normal circumstances I would refactor the lower level functions
to be more robust, but to avoid code churn as much as possible, I've
just added extra checks directly to networkUpdate().
-rw-r--r-- | src/network/bridge_driver.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index fce17390b..6e260f774 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -2945,9 +2945,12 @@ networkUpdate(virNetworkPtr net, goto cleanup; } - if (section == VIR_NETWORK_SECTION_IP || - section == VIR_NETWORK_SECTION_FORWARD || - section == VIR_NETWORK_SECTION_FORWARD_INTERFACE) { + if ((section == VIR_NETWORK_SECTION_IP || + section == VIR_NETWORK_SECTION_FORWARD || + section == VIR_NETWORK_SECTION_FORWARD_INTERFACE) && + (network->def->forwardType == VIR_NETWORK_FORWARD_NONE || + network->def->forwardType == VIR_NETWORK_FORWARD_NAT || + network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)) { /* these could affect the iptables rules */ networkRemoveIptablesRules(driver, network); if (networkAddIptablesRules(driver, network) < 0) |
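Review bot: The new forwardType condition in networkUpdate() hard-codes the list of forward types that own iptables rules (VIR_NETWORK_FORWARD_NONE, VIR_NETWORK_FORWARD_NAT, VIR_NETWORK_FORWARD_ROUTE), while the retained comment still says only "these could affect the iptables rules". A reader cannot tell from that why the other types are skipped, and a forward type added later that does need rules would miss this refresh with no error. Please extend the comment to state that only these three types have rules, and consider a follow-up that moves the check into networkRemoveIptablesRules() and networkAddIptablesRules(), as the commit message itself suggests, so the list lives in one place and any other caller gets the same guard. Separately, in the unchanged context lines the rules are removed before the re-add is attempted, so a failure of networkAddIptablesRules() is reached with the old rules already gone; it is worth confirming that the error path does not leave a NAT or routed network running without its filter rules.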