[libvirt] [PATCH] only remove masquerade rules in NAT mode

Cole Robinson crobinso at redhat.com
Sun Nov 15 16:56:37 UTC 2009


On 11/13/2009 12:18 PM, Guido Günther wrote:
> On Thu, Nov 05, 2009 at 08:35:20PM +0100, Guido Günther wrote:
>> Hi,
>> attached patch makes sure we only remove the masquerade rules if
>> forwardType == VIR_NETWORK_FORWARD_NAT and not if forwardType ==
>> VIR_NETWORK_FORWARD_ROUTE since we don't use them there. This fixes:
>> 	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549949
>> O.k. to apply?
> Does this look sane?
>  -- Guido
>>  -- Guido
> 
>> >From 84dc7d595fbd0302077aa767a1fcc840f2a25878 Mon Sep 17 00:00:00 2001
>> From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx at sigxcpu.org>
>> Date: Thu, 5 Nov 2009 20:28:11 +0100
>> Subject: [PATCH] only remove masquerade roles for VIR_NETWORK_FORWARD_NAT
>>
>> ---
>>  src/network/bridge_driver.c |   11 +++++------
>>  1 files changed, 5 insertions(+), 6 deletions(-)
>>
>> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
>> index 95bc810..86ec392 100644
>> --- a/src/network/bridge_driver.c
>> +++ b/src/network/bridge_driver.c
>> @@ -765,16 +765,15 @@ static void
>>  networkRemoveIptablesRules(struct network_driver *driver,
>>                           virNetworkObjPtr network) {
>>      if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE) {
>> -        iptablesRemoveForwardMasquerade(driver->iptables,
>> -                                        network->def->network,
>> -                                        network->def->forwardDev);
>> -
>> -        if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT)
>> +        if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT) {
>> +            iptablesRemoveForwardMasquerade(driver->iptables,
>> +                                                network->def->network,
>> +                                                network->def->forwardDev);
>>              iptablesRemoveForwardAllowRelatedIn(driver->iptables,
>>                                                  network->def->network,
>>                                                  network->def->bridge,
>>                                                  network->def->forwardDev);
>> -        else if (network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)
>> +        } else if (network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)
>>              iptablesRemoveForwardAllowIn(driver->iptables,
>>                                           network->def->network,
>>                                           network->def->bridge,
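Review bot: In the new NAT branch, the two continuation arguments of iptablesRemoveForwardMasquerade are indented to the column used by the longer iptablesRemoveForwardAllowRelatedIn call below it, not to the call's own opening parenthesis. The `} else if (network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)` branch is also left unbraced next to a braced one. Realign the two argument lines and brace the ROUTE branch as well, so that a statement added to it later cannot end up outside the conditional. The commit message is only a subject line (which has "roles" for "rules"). A one-line body stating that masquerade rules are not used for VIR_NETWORK_FORWARD_ROUTE, with the Debian bug reference from the cover letter, would keep the rationale with the change.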
>> -- 
>> 1.6.5.2

ACK

- Cole



