[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] nwfilter: do not create ebtables chain unnecessarily



If only iptables rules are created then two unnecessary ebtables chains
are also created. This patch fixes this.
The chains had been cleaned up properly when the interface disappeared, though.

---
 src/nwfilter/nwfilter_ebiptables_driver.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Index: libvirt-iterator/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-iterator.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-iterator/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3622,10 +3622,12 @@ ebiptablesApplyNewRules(const char *ifna
     NWFILTER_SET_EBTABLES_SHELLVAR(&buf);

     /* create needed chains */
-    if (ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
- &ebtChains, &nEbtChains) < 0 ||
-        ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_out_set, 0,
- &ebtChains, &nEbtChains) < 0) {
+    if ((virHashSize(chains_in_set) > 0 &&
+         ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
+ &ebtChains, &nEbtChains) < 0) ||
+        (virHashSize(chains_out_set) > 0 &&
+         ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_out_set, 0,
+ &ebtChains, &nEbtChains) < 0)) {
         goto tear_down_tmpebchains;
     }


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]