Ebtables filtering doesn't work on macvtap device. Remove support for direct type of interface. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> --- docs/formatnwfilter.html.in | 2 -- src/conf/domain_conf.c | 1 - src/nwfilter/nwfilter_ebiptables_driver.c | 16 +--------------- 3 files changed, 1 insertion(+), 18 deletions(-) Index: libvirt-acl/src/conf/domain_conf.c =================================================================== --- libvirt-acl.orig/src/conf/domain_conf.c +++ libvirt-acl/src/conf/domain_conf.c @@ -2862,7 +2862,6 @@ virDomainNetDefParseXML(virCapsPtr caps, case VIR_DOMAIN_NET_TYPE_ETHERNET: case VIR_DOMAIN_NET_TYPE_NETWORK: case VIR_DOMAIN_NET_TYPE_BRIDGE: - case VIR_DOMAIN_NET_TYPE_DIRECT: def->filter = filter; filter = NULL; def->filterparams = filterparams; Index: libvirt-acl/docs/formatnwfilter.html.in =================================================================== --- libvirt-acl.orig/docs/formatnwfilter.html.in +++ libvirt-acl/docs/formatnwfilter.html.in @@ -52,8 +52,6 @@ <li><code>network</code></li> <li><code>ethernet</code> -- must be used in bridging mode</li> <li><code>bridge</code></li> - <li><code>direct</code> -- only protocols mac, arp, ip and ipv6 - can be filtered</li> </ul> <p> The interface XML is used to reference a top-level filter. In the Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -2357,7 +2357,7 @@ err_exit: */ static int ebiptablesCreateRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED, - enum virDomainNetType nettype, + enum virDomainNetType nettype ATTRIBUTE_UNUSED, virNWFilterDefPtr nwfilter, virNWFilterRuleDefPtr rule, const char *ifname, @@ -2409,13 +2409,6 @@ ebiptablesCreateRuleInstance(virConnectP case VIR_NWFILTER_RULE_PROTOCOL_ICMP: case VIR_NWFILTER_RULE_PROTOCOL_IGMP: case VIR_NWFILTER_RULE_PROTOCOL_ALL: - if (nettype == VIR_DOMAIN_NET_TYPE_DIRECT) { - virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, - _("'%s' protocol not support for net type '%s'"), - virNWFilterRuleProtocolTypeToString(rule->prtclType), - virDomainNetTypeToString(nettype)); - return 1; - } isIPv6 = 0; rc = iptablesCreateRuleInstance(nwfilter, rule, @@ -2433,13 +2426,6 @@ ebiptablesCreateRuleInstance(virConnectP case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6: case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6: case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6: - if (nettype == VIR_DOMAIN_NET_TYPE_DIRECT) { - virNWFilterReportError(VIR_ERR_OPERATION_FAILED, - _("'%s' protocol not support for net type '%s'"), - virNWFilterRuleProtocolTypeToString(rule->prtclType), - virDomainNetTypeToString(nettype)); - return 1; - } isIPv6 = 1; rc = iptablesCreateRuleInstance(nwfilter, rule,