From 5518346b4eb63a89d61f49f3ae9e58dd2ebfbd94 Mon Sep 17 00:00:00 2001
From: Laine Stump <laine@redhat.com>
Date: Tue, 6 Dec 2011 15:13:50 -0500
Subject: [PATCH 11/13] network: don't add iptables rules for externally
managed networks
(direct cherry-pick of upstream commit ae1232b)
This patch addresses https://bugzilla.redhat.com/show_bug.cgi?id=760442
When a network has any forward type other than route, nat or none, the
network configuration should be done completely external to libvirt -
libvirt only uses these types to allow configuring guests in a manner
that isn't tied to a specific host (all the host-specific information,
in particular interface names, port profile data, and bandwidth
configuration is in the network definition, and the guest
configuration only references it).
Due to a bug in the bridge network driver, libvirt was adding iptables
rules for networks with forward type='bridge' etc. any time libvirtd
was restarted while one of these networks was active.
This patch eliminates that error by only "reloading" iptables rules if
forward type is route, nat, or none.
---
src/network/bridge_driver.c | 18 +++++++++++++-----
1 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 9960745..be725d9 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1480,14 +1480,22 @@ networkReloadIptablesRules(struct network_driver *driver)
|
|
VIR_INFO("Reloading iptables rules");
|
|
|
|
for (i = 0 ; i < driver->networks.count ; i++) {
|
|
- virNetworkObjLock(driver->networks.objs[i]);
|
|
- if (virNetworkObjIsActive(driver->networks.objs[i])) {
|
|
- networkRemoveIptablesRules(driver, driver->networks.objs[i]);
|
|
- if (networkAddIptablesRules(driver, driver->networks.objs[i]) < 0) {
|
|
+ virNetworkObjPtr network = driver->networks.objs[i];
|
|
+
|
|
+ virNetworkObjLock(network);
|
|
+ if (virNetworkObjIsActive(network) &&
|
|
+ ((network->def->forwardType == VIR_NETWORK_FORWARD_NONE) ||
|
|
+ (network->def->forwardType == VIR_NETWORK_FORWARD_NAT) ||
|
|
+ (network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE))) {
|
|
+ /* Only the three L3 network types that are configured by libvirt
|
|
+ * need to have iptables rules reloaded.
|
|
+ */
|
|
+ networkRemoveIptablesRules(driver, network);
|
|
+ if (networkAddIptablesRules(driver, network) < 0) {
|
|
/* failed to add but already logged */
|
|
}
|
|
}
|
|
- virNetworkObjUnlock(driver->networks.objs[i]);
|
|
+ virNetworkObjUnlock(network);
|
|
}
|
|
}
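Review bot: The three-way forwardType comparison added to the `if` in the loop encodes the classification "network whose firewall rules libvirt owns" inline, and that same classification presumably has to be applied wherever the rules are first installed at network start and later torn down; keeping it as an open-coded chain here invites drift the next time a forward type is added (a new libvirt-managed type silently skipped on reload, or an externally managed one silently getting rules again, which is exactly the bug this commit fixes). I would factor it into a small static predicate and call it from this condition, which also makes the intent of the comment on the three L3 types explicit in code. Separately, the remove-then-add sequence inside the branch is unchanged by the commit, but note that when networkAddIptablesRules fails the active network is left with its rules already removed until the next reload; since the failure is only "already logged", a warning naming the affected network, e.g. `VIR_WARN("network '%s' is active but its iptables rules could not be reinstalled", network->def->name);`, would let an operator see which network is running without its filtering. networkReloadIptablesRules starts before this hunk.
```c
/* True for the forward types whose iptables rules libvirt itself
 * installs (none, nat, route); every other type is configured
 * externally and must not get rules added by libvirt. */
static bool
networkIsLibvirtManaged(const virNetworkDef *def)
{
    return def->forwardType == VIR_NETWORK_FORWARD_NONE ||
           def->forwardType == VIR_NETWORK_FORWARD_NAT ||
           def->forwardType == VIR_NETWORK_FORWARD_ROUTE;
}

/* … unchanged: start of networkReloadIptablesRules, loop header, lock … */
        if (virNetworkObjIsActive(network) &&
            networkIsLibvirtManaged(network->def)) {
/* … unchanged: remove/add rules, unlock … */
```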
--
1.7.7.3