
If only iptables rules are created then two unnecessary ebtables chains are also created. This patch fixes this. The chains had been cleaned up properly when the interface disappeared, though.
---
 src/nwfilter/nwfilter_ebiptables_driver.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
Index: libvirt-iterator/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-iterator.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-iterator/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3622,10 +3622,12 @@ ebiptablesApplyNewRules(const char *ifna
 NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
 /* create needed chains */
- if (ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
- &ebtChains, &nEbtChains) < 0 ||
- ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_out_set, 0,
- &ebtChains, &nEbtChains) < 0) {
+ if ((virHashSize(chains_in_set) > 0 &&
+ ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
+ &ebtChains, &nEbtChains) < 0) ||
+ (virHashSize(chains_out_set) > 0 &&
+ ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_out_set, 0,
+ &ebtChains, &nEbtChains) < 0)) {
 goto tear_down_tmpebchains;
 }
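Review bot: The new `virHashSize(chains_in_set) > 0` and `virHashSize(chains_out_set) > 0` guards treat every non-positive result alike, so if virHashSize reports a failure as a negative value (as I recall it does for a NULL table), chain creation is skipped silently instead of reaching `goto tear_down_tmpebchains`. For a packet-filter driver it is safer to fail closed there, for example by rejecting a NULL set before this condition. ebiptablesApplyNewRules starts and continues outside the hunk, so two things cannot be confirmed from here: whether the sets are already validated, and whether the later steps that link or rename the temporary root chains apply the same emptiness test. Both are worth checking, since a step that references a root chain which was never created would presumably fail the whole rule application. I would also extend the comment to record the intent: `/* create needed chains; skip a direction with no ebtables chains so iptables-only filters leave no empty root chains behind */`.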