Previously, when we supported adding our rules to chains
with a custom prefix (e.g. libvirt-Fedora-POSTROUTING)
we needed to be able to handle adding and deleting these
custom chains.
Now that we only use built-in iptables chains, we don't
need to add or delete them - in fact, deleting them is
not allowed.
(Note: this was the only user of the iptablesSpawn(NO_ERRORS)
variant - it existed to suppress error output when adding/deleting
the chains failed, which was the expected outcome in most cases)
Signed-off-by: Mark McLoughlin <markmc(a)redhat.com>
Index: libvirt/src/iptables.c
===================================================================
--- libvirt.orig/src/iptables.c 2008-01-07 17:26:42.000000000 +0000
+++ libvirt.orig/src/iptables.c 2008-01-07 17:26:42.000000000 +0000
@@ -386,53 +386,6 @@ iptRulesNew(const char *table,
return NULL;
}
-static int
-iptablesAddRemoveChain(iptRules *rules, int action)
-{
- char **argv;
- int retval = ENOMEM;
- int n, status;
-
- n = 1 + /* /sbin/iptables */
- 2 + /* --table foo */
- 2; /* --new-chain bar */
-
- if (!(argv = calloc(n + 1, sizeof(*argv))))
- goto error;
-
- n = 0;
-
- if (!(argv[n++] = strdup(IPTABLES_PATH)))
- goto error;
-
- if (!(argv[n++] = strdup("--table")))
- goto error;
-
- if (!(argv[n++] = strdup(rules->table)))
- goto error;
-
- if (!(argv[n++] = strdup(action == ADD ? "--new-chain" :
"--delete-chain")))
- goto error;
-
- if (!(argv[n++] = strdup(rules->chain)))
- goto error;
-
- if (virRun(NULL, argv, &status) < 0)
- retval = errno;
-
- retval = 0;
-
- error:
- if (argv) {
- n = 0;
- while (argv[n])
- free(argv[n++]);
- free(argv);
- }
-
- return retval;
-}
-
static char *
argvToString(char **argv)
{
@@ -521,19 +474,11 @@ iptablesAddRemoveRule(iptRules *rules, i
goto error;
}
- if (action == ADD &&
- (retval = iptablesAddRemoveChain(rules, action)))
- goto error;
-
if (virRun(NULL, argv, NULL) < 0) {
retval = errno;
goto error;
}
- if (action == REMOVE &&
- (retval = iptablesAddRemoveChain(rules, action)))
- goto error;
-
if (action == ADD) {
retval = iptRulesAppend(rules, rule, argv, command_idx);
rule = NULL;
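Review bot: Now that the chain is never created on the ADD path, nothing here checks that rules->chain actually names a built-in chain of rules->table; a leftover custom name of the old libvirt-&lt;name&gt;-POSTROUTING form is only caught when virRun fails, and the retval taken from errno on the next line may not describe an iptables exit status (virRun's errno contract is not visible in the hunk). iptRulesNew, where such a check belongs, is also outside this hunk; at the very least the virRun call deserves a comment such as `/* rules->chain must be a built-in chain: it is never created or deleted here anymore */`. iptablesAddRemoveRule starts and ends outside the hunk.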
@@ -641,11 +586,6 @@ iptRulesReload(iptRules *rules)
rule->argv[rule->command_idx] = orig;
}
- if ((retval = iptablesAddRemoveChain(rules, REMOVE)) ||
- (retval = iptablesAddRemoveChain(rules, ADD)))
- qemudLog(QEMUD_WARN, "Failed to re-create chain '%s' in table
'%s': %s",
- rules->chain, rules->table, strerror(retval));
-
for (i = 0; i < rules->nrules; i++)
if (virRun(NULL, rules->rules[i].argv, NULL) < 0)
qemudLog(QEMUD_WARN, "Failed to add iptables rule '%s' to chain
'%s' in table '%s': %s",
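Review bot: With the delete/re-create of the chain gone, this loop appends every saved rule to a built-in chain that was never flushed, so the reload is only correct if the preceding delete pass (it starts before this hunk; only its restore of argv[command_idx] is visible at the top) removed every rule - a rule whose delete failed is re-added as a duplicate. A comment stating that invariant above the loop, e.g. `/* chain is built-in and is not flushed: rules must have been deleted above or they are duplicated here */`, would make the dependency explicit, and the delete pass should log its failures the same way this loop does. iptRulesReload starts outside the hunk.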
--