From 98895e93868272e4b8569595585628d8038c5117 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin
Date: Thu, 10 Dec 2009 11:27:17 +0000
Subject: [PATCH] reload iptables rules simply by re-adding them

Currently, when we add iptables rules, we keep them on a list so that we can easily reload them on e.g. 'service libvirtd reload'. However, we don't save this list to disk, so if libvirtd is restarted we lose the ability to reload the rules. The fix is simple - just re-add the damn things on reload. Note, we delete the rules before re-adding them, just like the current behaviour of iptRulesReload(). * src/network/bridge_driver.c: re-add the iptables rules on reload.
---
 src/network/bridge_driver.c | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 0342aa082a..766f8cd584 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -96,6 +96,8 @@ static int networkShutdownNetworkDaemon(virConnectPtr conn,
 struct network_driver *driver,
 virNetworkObjPtr network);
+static void networkReloadIptablesRules(struct network_driver *driver);
+
 static struct network_driver *driverState = NULL;
@@ -291,12 +293,7 @@ networkReload(void) {
 &driverState->networks,
 driverState->networkConfigDir,
 driverState->networkAutostartDir);
-
- if (driverState->iptables) {
- VIR_INFO0(_("Reloading iptables rules\n"));
- iptablesReloadRules(driverState->iptables);
- }
-
+ networkReloadIptablesRules(driverState);
 networkAutostartConfigs(driverState);
 networkDriverUnlock(driverState);
 return 0;
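Review bot: The call `networkReloadIptablesRules(driverState);` that replaces the removed block in networkReload() also drops the `if (driverState->iptables)` guard, so the reload path now runs even when no iptables context was set up, where before it was skipped. The new function (added in the next hunk) calls networkRemoveIptablesRules, whose visible tail does `iptablesSaveRules(driver->iptables)`, so if `driver->iptables` can legitimately be NULL here — the old guard suggests it can — this becomes a NULL dereference on 'service libvirtd reload'. Either keep the guard at the call site, `if (driverState->iptables) networkReloadIptablesRules(driverState);`, or have the new function return early when `driver->iptables` is NULL. networkReload() begins before this hunk, so I cannot see whether something earlier already rules that case out.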
@@ -812,6 +809,27 @@ networkRemoveIptablesRules(struct network_driver *driver,
 iptablesSaveRules(driver->iptables);
 }
+static void
+networkReloadIptablesRules(struct network_driver *driver)
+{
+ unsigned int i;
+
+ VIR_INFO0(_("Reloading iptables rules"));
+
+ for (i = 0 ; i < driver->networks.count ; i++) {
+ virNetworkObjLock(driver->networks.objs[i]);
+
+ if (virNetworkObjIsActive(driver->networks.objs[i])) {
+ networkRemoveIptablesRules(driver, driver->networks.objs[i]);
+ if (!networkAddIptablesRules(NULL, driver, driver->networks.objs[i])) {
+ /* failed to add but already logged */
+ }
+ }
+
+ virNetworkObjUnlock(driver->networks.objs[i]);
+ }
+}
+
 /* Enable IP Forwarding. Return 0 for success, -1 for failure. */
 static int networkEnableIpForwarding(void)
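Review bot: The empty `if (!networkAddIptablesRules(NULL, driver, driver->networks.objs[i])) { /* failed to add but already logged */ }` in networkReloadIptablesRules reads as unfinished code; if the result is deliberately ignored, call the function as a plain statement with the comment above it, `/* a failure here is already logged by networkAddIptablesRules() */`, and drop the conditional. The more important point for operators is what a failure means: the rules for that network have just been removed by networkRemoveIptablesRules, yet the network is left active, so it keeps running without the rules networkAddIptablesRules would have installed until the next reload — worth stating in a header comment on the function, e.g. `/* Remove and re-add the iptables rules of every active network. A network whose rules cannot be re-added stays active without them; the failure is only logged. */`. Also, the visible tail of networkRemoveIptablesRules ends with `iptablesSaveRules(driver->iptables)`, and if networkAddIptablesRules saves as well, each active network costs two saves per reload; a single save after the loop would presumably be cheaper, though that depends on how those helpers are structured outside the hunk.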