[libvirt] PATCH: Fix call to save iptables rules

When the virtual network forwarding support was introduced, the refactoring appears to have caused the call to save iptables rules to be left out. This patch fixes it. Daniel. Index: src/qemu_driver.c =================================================================== RCS file: /data/cvs/libvirt/src/qemu_driver.c,v retrieving revision 1.86 diff -u -p -r1.86 qemu_driver.c --- src/qemu_driver.c 12 Jun 2008 08:55:13 -0000 1.86 +++ src/qemu_driver.c 12 Jun 2008 11:18:58 -0000 @@ -1259,7 +1259,7 @@ qemudAddIptablesRules(virConnectPtr conn if (!driver->iptables && !(driver->iptables = iptablesContextNew())) { qemudReportError(conn, NULL, NULL, VIR_ERR_NO_MEMORY, "%s", _("failed to allocate space for IP tables support")); - return 1; + return 0; } 
@@ -1319,23 +1319,22 @@ qemudAddIptablesRules(virConnectPtr conn } - /* The remaining rules are only needed for IP forwarding */ - if (!network->def->forward) { - iptablesSaveRules(driver->iptables); - return 1; + if (network->def->forward) { + /* If masquerading is enabled, set up the rules*/ + if (network->def->forwardMode == QEMUD_NET_FORWARD_NAT && + !qemudAddMasqueradingIptablesRules(conn, driver, network)) + goto err8; + /* else if routing is enabled, set up the rules*/ + else if (network->def->forwardMode == QEMUD_NET_FORWARD_ROUTE && + !qemudAddRoutingIptablesRules(conn, driver, network)) + goto err8; } - /* If masquerading is enabled, set up the rules*/ - if (network->def->forwardMode == QEMUD_NET_FORWARD_NAT) { - if (qemudAddMasqueradingIptablesRules(conn, driver, network)) - return 1; - } - /* else if routing is enabled, set up the rules*/ - else if (network->def->forwardMode == QEMUD_NET_FORWARD_ROUTE) { - if (qemudAddRoutingIptablesRules(conn, driver, network)) - return 1; - } + iptablesSaveRules(driver->iptables); + + return 1; + err8: iptablesRemoveForwardAllowCross(driver->iptables, network->bridge); err7: -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
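Review bot: the `return 1;` to `return 0;` change on the `iptablesContextNew()` failure path in the first hunk (@@ -1259) is not covered by the description, which only mentions the missing save call. Since the success path at the end of the function returns 1, the old line reported an allocation failure as success, so this is a separate fix that deserves its own line in the commit message. The callers are not visible here, so it is also worth confirming that they treat 0 as failure.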
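Review bot: in the second hunk (@@ -1319), a network with `forward` set whose `forwardMode` is neither `QEMUD_NET_FORWARD_NAT` nor `QEMUD_NET_FORWARD_ROUTE` now reaches `iptablesSaveRules(driver->iptables);` and `return 1;`, whereas the removed code fell through to `err8` in that case. If any other mode value is possible, add a final `else goto err8;` or say in the commit message that the new behaviour is intended. Folding the mode test and the helper result into one `&&` condition in an unbraced if/else-if chain also makes this easy to miss; putting each helper call inside a braced per-mode branch would read more clearly.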

On Thu, Jun 12, 2008 at 12:21:10PM +0100, Daniel P. Berrange wrote:
> When the virtual network forwarding support was introduced, the refactoring appears to have caused the call to save iptables rules to be left out. This patch fixes it.

Yes, this seems OK.

Rich.

--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
Read my OCaml programming blog: http://camltastic.blogspot.com/
Fedora now supports 59 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora

On Thu, Jun 12, 2008 at 12:21:10PM +0100, Daniel P. Berrange wrote:
> When the virtual network forwarding support was introduced, the refactoring appears to have caused the call to save iptables rules to be left out. This patch fixes it.

Principle sounds good, but I don't really understand that code, so ignore me on that one :-)

Daniel

--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
participants (3)
- Daniel P. Berrange
- Daniel Veillard
- Richard W.M. Jones