From: Laine Stump Date: Fri, 21 Sep 2012 19:28:11 +0000 (-0400) Subject: network: don't "refresh" iptables rules on rule-less networks X-Git-Tag: v0.10.2~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=36ba0ee7b911a0f6536d7c4601afb2cc7a0e9d38;p=thirdparty%2Flibvirt.git network: don't "refresh" iptables rules on rule-less networks The bridge driver implementation of virNetworkUpdate() removes and re-adds iptables rules any time a network has an , , or / element updated. There are some types of networks that have those elements and yet have no iptables rules associated with them, and unfortunately the functions that remove/add iptables rules don't check the type of network before attempting to remove/add the rules, sometimes leading to an erroneous failure of the entire update operation. Under normal circumstances I would refactor the lower level functions to be more robust, but to avoid code churn as much as possible, I've just added extra checks directly to networkUpdate(). --- diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index fce17390b9..6e260f7746 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -2945,9 +2945,12 @@ networkUpdate(virNetworkPtr net, goto cleanup; } - if (section == VIR_NETWORK_SECTION_IP || - section == VIR_NETWORK_SECTION_FORWARD || - section == VIR_NETWORK_SECTION_FORWARD_INTERFACE) { + if ((section == VIR_NETWORK_SECTION_IP || + section == VIR_NETWORK_SECTION_FORWARD || + section == VIR_NETWORK_SECTION_FORWARD_INTERFACE) && + (network->def->forwardType == VIR_NETWORK_FORWARD_NONE || + network->def->forwardType == VIR_NETWORK_FORWARD_NAT || + network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)) { /* these could affect the iptables rules */ networkRemoveIptablesRules(driver, network); if (networkAddIptablesRules(driver, network) < 0)
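Review bot: the new forwardType test in the networkUpdate() condition reads `network->def->forwardType`, and for `section == VIR_NETWORK_SECTION_FORWARD` the hunk does not show whether that is the definition before or after the update has been applied. If an update can switch a network between a rule-bearing forward type (NONE, NAT, ROUTE) and a rule-less one, a single combined check can skip networkRemoveIptablesRules() for rules that were installed under the old type, leaving stale iptables rules in place. Consider gating the removal on the old forward type and the addition on the new one. Separately, the comment `/* these could affect the iptables rules */` no longer describes the whole condition. Either extend it to say why only these three forward types carry rules, or move the type test into a small helper so other callers of the add/remove functions can share it.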