Re: [libvirt] [PATCH 2/3] network: add more debugging of firewall chain creation
On 5/22/19 6:29 AM, Daniel P. Berrangé wrote:
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/network/bridge_driver_linux.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
The additional debug messages proved helpful while testing the patches!
Reviewed-by: Jim Fehlig <jfehlig(a)suse.com>
Regards,
Jim
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index 0d849173b2..2b29363f3c 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -45,28 +45,42 @@ static void networkSetupPrivateChains(void)
{
int rc;
+ VIR_DEBUG("Setting up global firewall chains");
+
createdChains = false;
rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV4);
if (rc < 0) {
+ VIR_DEBUG("Failed to create global IPv4 chains: %s",
+ virGetLastErrorMessage());
errInitV4 = virSaveLastError();
virResetLastError();
} else {
virFreeError(errInitV4);
errInitV4 = NULL;
- if (rc)
+ if (rc) {
+ VIR_DEBUG("Created global IPv4 chains");
createdChains = true;
+ } else {
+ VIR_DEBUG("Global IPv4 chains already exist");
+ }
}
rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV6);
if (rc < 0) {
+ VIR_DEBUG("Failed to create global IPv6 chains: %s",
+ virGetLastErrorMessage());
errInitV6 = virSaveLastError();
virResetLastError();
} else {
virFreeError(errInitV6);
errInitV6 = NULL;
- if (rc)
+ if (rc) {
+ VIR_DEBUG("Created global IPv6 chains");
createdChains = true;
+ } else {
+ VIR_DEBUG("Global IPv6 chains already exist");
+ }
}
}