mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-22 04:25:18 +00:00
nwfilter: no support for direct type of interface
Ebtables filtering doesn't work on macvtap device. Remove support for direct type of interface.
This commit is contained in:
Stefan Berger
parent
b56fa5bb37
commit
973b681bdf
@ -52,8 +52,6 @@
|
|||||||
<li><code>network</code></li>
|
<li><code>network</code></li>
|
||||||
<li><code>ethernet</code> -- must be used in bridging mode</li>
|
<li><code>ethernet</code> -- must be used in bridging mode</li>
|
||||||
<li><code>bridge</code></li>
|
<li><code>bridge</code></li>
|
||||||
<li><code>direct</code> -- only protocols mac, arp, ip and ipv6
|
|
||||||
can be filtered</li>
|
|
||||||
</ul>
|
</ul>
|
||||||
<p>
|
<p>
|
||||||
The interface XML is used to reference a top-level filter. In the
|
The interface XML is used to reference a top-level filter. In the
|
||||||
|
|||||||
@ -2841,7 +2841,6 @@ virDomainNetDefParseXML(virCapsPtr caps,
|
|||||||
case VIR_DOMAIN_NET_TYPE_ETHERNET:
|
case VIR_DOMAIN_NET_TYPE_ETHERNET:
|
||||||
case VIR_DOMAIN_NET_TYPE_NETWORK:
|
case VIR_DOMAIN_NET_TYPE_NETWORK:
|
||||||
case VIR_DOMAIN_NET_TYPE_BRIDGE:
|
case VIR_DOMAIN_NET_TYPE_BRIDGE:
|
||||||
case VIR_DOMAIN_NET_TYPE_DIRECT:
|
|
||||||
def->filter = filter;
|
def->filter = filter;
|
||||||
filter = NULL;
|
filter = NULL;
|
||||||
def->filterparams = filterparams;
|
def->filterparams = filterparams;
|
||||||
|
|||||||
@ -2357,7 +2357,7 @@ err_exit:
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
ebiptablesCreateRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
|
ebiptablesCreateRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
|
||||||
enum virDomainNetType nettype,
|
enum virDomainNetType nettype ATTRIBUTE_UNUSED,
|
||||||
virNWFilterDefPtr nwfilter,
|
virNWFilterDefPtr nwfilter,
|
||||||
virNWFilterRuleDefPtr rule,
|
virNWFilterRuleDefPtr rule,
|
||||||
const char *ifname,
|
const char *ifname,
|
||||||
@ -2409,13 +2409,6 @@ ebiptablesCreateRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
|
case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
|
case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_ALL:
|
case VIR_NWFILTER_RULE_PROTOCOL_ALL:
|
||||||
if (nettype == VIR_DOMAIN_NET_TYPE_DIRECT) {
|
|
||||||
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
|
|
||||||
_("'%s' protocol not support for net type '%s'"),
|
|
||||||
virNWFilterRuleProtocolTypeToString(rule->prtclType),
|
|
||||||
virDomainNetTypeToString(nettype));
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
isIPv6 = 0;
|
isIPv6 = 0;
|
||||||
rc = iptablesCreateRuleInstance(nwfilter,
|
rc = iptablesCreateRuleInstance(nwfilter,
|
||||||
rule,
|
rule,
|
||||||
@ -2433,13 +2426,6 @@ ebiptablesCreateRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6:
|
case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6:
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6:
|
case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6:
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
|
case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
|
||||||
if (nettype == VIR_DOMAIN_NET_TYPE_DIRECT) {
|
|
||||||
virNWFilterReportError(VIR_ERR_OPERATION_FAILED,
|
|
||||||
_("'%s' protocol not support for net type '%s'"),
|
|
||||||
virNWFilterRuleProtocolTypeToString(rule->prtclType),
|
|
||||||
virDomainNetTypeToString(nettype));
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
isIPv6 = 1;
|
isIPv6 = 1;
|
||||||
rc = iptablesCreateRuleInstance(nwfilter,
|
rc = iptablesCreateRuleInstance(nwfilter,
|
||||||
rule,
|
rule,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user