On 15.10.2012 12:27, Benjamin Cama wrote:
Only add iptables rules for this family, and also only check for
forwarding for this family.
---
src/network/bridge_driver.c | 27 +++++++++++++++++++++------
1 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index e3e8dc2..6bd4217 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1788,7 +1788,9 @@ networkAddIptablesRules(struct network_driver *driver,
return -1;
for (ii = 0;
- (ipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, ii));
+ (ipdef = virNetworkDefGetIpByIndex(network->def,
+ network->def->forwardFamily,
+ ii));
ii++) {
/* Add address-specific iptables rules */
if (networkAddIpSpecificIptablesRules(driver, network, ipdef) < 0) {
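Review bot: The call `virNetworkDefGetIpByIndex(network->def, network->def->forwardFamily, ii)` depends on an unset forwardFamily being equal to AF_UNSPEC. The later `if (network->def->forwardFamily)` test suggests unset is 0, but nothing in the patch states that; a comment such as `/* forwardFamily == 0 (AF_UNSPEC): iterate addresses of every family */` would make the contract explicit. The same applies to the rollback loop under `err:` and to the loop in networkRemoveIptablesRules. Once a family is set, addresses of the other family on this network get no address-specific rules, so whether their traffic is dropped or forwarded presumably depends on the general rules and the host's FORWARD policy; it is worth confirming that this fails closed. The loop body continues outside the hunk.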
@@ -1803,7 +1805,9 @@ err:
* added for previous IP addresses.
*/
while ((--ii >= 0) &&
- (ipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, ii))) {
+ (ipdef = virNetworkDefGetIpByIndex(network->def,
+ network->def->forwardFamily,
+ ii))) {
networkRemoveIpSpecificIptablesRules(driver, network, ipdef);
}
networkRemoveGeneralIptablesRules(driver, network);
@@ -1819,7 +1823,9 @@ networkRemoveIptablesRules(struct network_driver *driver,
virNetworkIpDefPtr ipdef;
for (ii = 0;
- (ipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, ii));
+ (ipdef = virNetworkDefGetIpByIndex(network->def,
+ network->def->forwardFamily,
+ ii));
ii++) {
networkRemoveIpSpecificIptablesRules(driver, network, ipdef);
}
@@ -2173,9 +2179,18 @@ networkStartNetworkVirtual(struct network_driver *driver,
goto err2;
/* If forwardType != NONE, check for IP forwarding */
- if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE &&
- networkCheckIpForwarding(v4present, v6present) < 0) {
- goto err3;
+ if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE) {
+ if (network->def->forwardFamily) {
+ /* if forwardFamily is set, we have at least a corresponding
+ * family's address
+ */
+ if (networkCheckIpForwarding(network->def->forwardFamily == AF_INET,
+ network->def->forwardFamily == AF_INET6)
< 0)
+ goto err3;
+ } else {
+ if (networkCheckIpForwarding(v4present, v6present) < 0)
+ goto err3;
+ }
}
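Review bot: If forwardFamily holds any value other than AF_INET or AF_INET6, both arguments in `networkCheckIpForwarding(network->def->forwardFamily == AF_INET, network->def->forwardFamily == AF_INET6)` are false, so the forwarding check presumably passes without testing anything. The comment asserts that an address of that family exists, but nothing in this hunk verifies it, so the value should be validated here or the comment should name where the parser enforces it. The two branches can also be folded into one call by computing the flags first, e.g. `need4 = fam ? fam == AF_INET : v4present;` and `need6 = fam ? fam == AF_INET6 : v6present;`, followed by a single braced `if (networkCheckIpForwarding(need4, need6) < 0) { goto err3; }`. The enclosing function starts and ends outside the hunk.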
ACK
Michal