network: don't add iptables rules for externally managed networks
This patch addresses https://bugzilla.redhat.com/show_bug.cgi?id=760442 When a network has any forward type other than route, nat or none, the network configuration should be done completely external to libvirt - libvirt only uses these types to allow configuring guests in a manner that isn't tied to a specific host (all the host-specific information, in particular interface names, port profile data, and bandwidth configuration is in the network definition, and the guest configuration only references it). Due to a bug in the bridge network driver, libvirt was adding iptables rules for networks with forward type='bridge' etc. any time libvirtd was restarted while one of these networks was active. This patch eliminates that error by only "reloading" iptables rules if forward type is route, nat, or none.
This commit is contained in:
parent
9f406c5838
commit
ae1232b298
@ -1470,14 +1470,22 @@ networkReloadIptablesRules(struct network_driver *driver)
|
||||
VIR_INFO("Reloading iptables rules");
|
||||
|
||||
for (i = 0 ; i < driver->networks.count ; i++) {
|
||||
virNetworkObjLock(driver->networks.objs[i]);
|
||||
if (virNetworkObjIsActive(driver->networks.objs[i])) {
|
||||
networkRemoveIptablesRules(driver, driver->networks.objs[i]);
|
||||
if (networkAddIptablesRules(driver, driver->networks.objs[i]) < 0) {
|
||||
virNetworkObjPtr network = driver->networks.objs[i];
|
||||
|
||||
virNetworkObjLock(network);
|
||||
if (virNetworkObjIsActive(network) &&
|
||||
((network->def->forwardType == VIR_NETWORK_FORWARD_NONE) ||
|
||||
(network->def->forwardType == VIR_NETWORK_FORWARD_NAT) ||
|
||||
(network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE))) {
|
||||
/* Only the three L3 network types that are configured by libvirt
|
||||
* need to have iptables rules reloaded.
|
||||
*/
|
||||
networkRemoveIptablesRules(driver, network);
|
||||
if (networkAddIptablesRules(driver, network) < 0) {
|
||||
/* failed to add but already logged */
|
||||
}
|
||||
}
|
||||
virNetworkObjUnlock(driver->networks.objs[i]);
|
||||
virNetworkObjUnlock(network);
|
||||
}
|
||||
}
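Review bot: The empty failure branch under `if (networkAddIptablesRules(driver, network) < 0)` leaves that network marked active after its previous rules were already torn down by the preceding `networkRemoveIptablesRules(driver, network)` call, so a NAT or routed network can come back from a libvirtd restart with its forwarding/masquerade rules missing and nothing in this function records which network that happened to. Since the add path is said to log already, what is missing is attribution; consider replacing the placeholder comment with `VIR_WARN("iptables rules for network '%s' were removed but could not be re-added", network->def->name);` (assuming the definition carries a name field, as the rest of this driver appears to use). The three-way forward-type test is also the only place in this hunk that states which networks libvirt owns firewall rules for; if the same condition is repeated in the network start/stop paths, a small `static bool` helper on the definition would keep them from drifting. networkReloadIptablesRules begins before this hunk.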
|
||||
|
||||
|