From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Fri, 16 Dec 2011 21:54:49 +0000 (-0500)
Subject: nwfilter: do not create ebtables chain unnecessarily
X-Git-Tag: v0.9.9-rc1~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4d579de1eb7988a96f93b54442e25f84ae5a5c8;p=thirdparty%2Flibvirt.git

nwfilter: do not create ebtables chain unnecessarily

If only iptables rules are created then two unnecessary ebtables chains
are also created. This patch fixes this and prevents these chains from
being created. They have been cleaned up properly, though.
---

diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 8a42cb7b40..d8b1e9798a 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3619,10 +3619,12 @@ ebiptablesApplyNewRules(const char *ifname,
     NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
 
     /* create needed chains */
-    if (ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
-                                          &ebtChains, &nEbtChains) < 0 ||
-        ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_out_set, 0,
-                                          &ebtChains, &nEbtChains) < 0) {
+    if ((virHashSize(chains_in_set) > 0 &&
+         ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
+                                           &ebtChains, &nEbtChains) < 0) ||
+        (virHashSize(chains_out_set) > 0 &&
+         ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_out_set, 0,
+                                           &ebtChains, &nEbtChains) < 0)) {
         goto tear_down_tmpebchains;
     }