diff --git a/po/POTFILES.in b/po/POTFILES.in
index a8a59758de..efac7b2d8b 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -96,7 +96,6 @@ src/parallels/parallels_utils.h
 src/parallels/parallels_storage.c
 src/phyp/phyp_driver.c
 src/qemu/qemu_agent.c
-src/qemu/qemu_bridge_filter.c
 src/qemu/qemu_capabilities.c
 src/qemu/qemu_cgroup.c
 src/qemu/qemu_command.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 4bc2df4bc4..a88b258b72 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -688,9 +688,7 @@ QEMU_DRIVER_SOURCES = \
 qemu/qemu_monitor_text.h \
 qemu/qemu_monitor_json.c \
 qemu/qemu_monitor_json.h \
- qemu/qemu_driver.c qemu/qemu_driver.h \
- qemu/qemu_bridge_filter.c \
- qemu/qemu_bridge_filter.h
+ qemu/qemu_driver.c qemu/qemu_driver.h
 XENAPI_DRIVER_SOURCES = \
 xenapi/xenapi_driver.c xenapi/xenapi_driver.h \
diff --git a/src/qemu/qemu_bridge_filter.c b/src/qemu/qemu_bridge_filter.c
deleted file mode 100644
index 49954c62c3..0000000000
--- a/src/qemu/qemu_bridge_filter.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (C) 2007-2009, 2013 Red Hat, Inc.
- * Copyright (C) 2009 IBM Corp.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library. If not, see
- * .
- *
- * Authors:
- * Gerhard Stenzel
- */
-
-#include
-
-#include "virebtables.h"
-#include "qemu_conf.h"
-#include "qemu_driver.h"
-#include "virerror.h"
-#include "virlog.h"
-
-#include "qemu_bridge_filter.h"
-
-#define VIR_FROM_THIS VIR_FROM_QEMU
-
-int
-networkAddEbtablesRules(virQEMUDriverPtr driver) {
- int err;
-
- /* Set forward policy to DROP */
- if ((err = ebtablesAddForwardPolicyReject(driver->ebtables))) {
- virReportSystemError(err,
- _("failed to add ebtables rule to set default policy to drop on '%s'"),
- __FILE__);
- return err;
- }
-
- return 0;
-}
-
-
-int
-networkDisableAllFrames(virQEMUDriverPtr driver) {
- int err;
-
- /* add default rules */
- if ((err = networkAddEbtablesRules(driver))) {
- virReportSystemError(err,
- _("cannot filter mac addresses on bridge '%s'"),
- __FILE__);
- return err;
- }
- return 0;
-}
-
-int
-networkAllowMacOnPort(virQEMUDriverPtr driver,
- const char * ifname,
- const virMacAddr *mac)
-{
- int err;
-
- /* allow this combination of macaddr and ifname */
- ebtablesContext * ebtablescontext = driver->ebtables;
- if ((err = ebtablesAddForwardAllowIn(ebtablescontext,
- ifname,
- mac))) {
- virReportSystemError(err,
- _("failed to add ebtables rule to allow routing to '%s'"),
- ifname);
- }
-
- return 0;
-}
-
-
-int
-networkDisallowMacOnPort(virQEMUDriverPtr driver,
- const char * ifname,
- const virMacAddr *mac)
-{
- int err;
-
- /* disallow this combination of macaddr and ifname */
- ebtablesContext * ebtablescontext = driver->ebtables;
- if ((err = ebtablesRemoveForwardAllowIn(ebtablescontext,
- ifname,
- mac))) {
- virReportSystemError(err,
- _("failed to add ebtables rule to allow routing to '%s'"),
- ifname);
- }
-
- return 0;
-}
diff --git a/src/qemu/qemu_bridge_filter.h b/src/qemu/qemu_bridge_filter.h
deleted file mode 100644
index bacced8222..0000000000
--- a/src/qemu/qemu_bridge_filter.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (C) 2007-2009, 2013 Red Hat, Inc.
- * Copyright (C) 2009 IBM Corp.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library. If not, see
- * .
- *
- * Authors:
- * Gerhard Stenzel
- */
-
-#ifndef __QEMUD_BRIDGE_FILTER_H__
-# define __QEMUD_BRIDGE_FILTER_H__
-
-
-int networkAllowMacOnPort(virQEMUDriverPtr driver,
- const char *ifname,
- const virMacAddr *mac);
-int networkDisallowMacOnPort(virQEMUDriverPtr driver,
- const char *ifname,
- const virMacAddr *mac);
-int networkDisableAllFrames(virQEMUDriverPtr driver);
-int networkAddEbtablesRules(virQEMUDriverPtr driver);
-
-
-#endif /* __QEMUD_BRIDGE_FILTER_H__ */
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 775e139ee3..dbb8499bf7 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -26,7 +26,6 @@
 #include "qemu_command.h"
 #include "qemu_hostdev.h"
 #include "qemu_capabilities.h"
-#include "qemu_bridge_filter.h"
 #include "cpu/cpu.h"
 #include "dirname.h"
 #include "passfd.h"
@@ -380,12 +379,10 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
 virDomainAuditNetDevice(def, net, "/dev/net/tun", true);
 if (cfg->macFilter &&
- (ret = networkAllowMacOnPort(driver, net->ifname, &net->mac)) < 0) {
- virReportSystemError(ret,
- _("failed to add ebtables rule "
- "to allow MAC address on '%s'"),
- net->ifname);
- }
+ ebtablesAddForwardAllowIn(driver->ebtables,
+ net->ifname,
+ &net->mac) < 0)
+ goto cleanup;
 if (virNetDevBandwidthSet(net->ifname,
 virDomainNetGetActualBandwidth(net),
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 20fd62dda2..bdba7d48dc 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -38,7 +38,6 @@
 #include "qemu_conf.h"
 #include "qemu_command.h"
 #include "qemu_capabilities.h"
-#include "qemu_bridge_filter.h"
 #include "viruuid.h"
 #include "virbuffer.h"
 #include "virconf.h"
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 7fea07c72d..aa7b129b3b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -53,7 +53,6 @@
 #include "qemu_hostdev.h"
 #include "qemu_hotplug.h"
 #include "qemu_monitor.h"
-#include "qemu_bridge_filter.h"
 #include "qemu_process.h"
 #include "qemu_migration.h"
@@ -663,12 +662,8 @@ qemuStateInitialize(bool privileged,
 goto error;
 }
- if ((errno = networkDisableAllFrames(qemu_driver))) {
- virReportSystemError(errno,
- _("failed to add rule to drop all frames in '%s'"),
- __FILE__);
+ if (ebtablesAddForwardPolicyReject(qemu_driver->ebtables) < 0)
 goto error;
- }
 }
 /* Allocate bitmap for remote display port reservations. We cannot
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 6ff2489d2f..4abf9b3f5c 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
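Review bot: The new `< 0` tests in qemuNetworkIfaceConnect (qemu_command.c, `ebtablesAddForwardAllowIn(...) < 0`) and in qemuStateInitialize (qemu_driver.c, `ebtablesAddForwardPolicyReject(...) < 0`) only detect failure if the ebtables helpers return a negative value, whereas the wrappers this commit deletes passed any non-zero return from the same helpers to virReportSystemError as an errno. virebtables.c is not part of this diff, so if the helpers still return a positive errno, neither branch is ever taken and macFilter fails open: the guest starts without its allow rule, or the driver initialises without the forward-drop policy. The callers also no longer report anything before `goto cleanup` / `goto error`, so the helpers must report the error themselves; a comment at each site such as `/* ebtables helper returns -1 and has already reported the error */` would record that contract. Both functions continue outside their hunks, so what the cleanup and error labels undo cannot be checked here.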
@@ -29,7 +29,6 @@
 #include "qemu_capabilities.h"
 #include "qemu_domain.h"
 #include "qemu_command.h"
-#include "qemu_bridge_filter.h"
 #include "qemu_hostdev.h"
 #include "domain_audit.h"
 #include "domain_nwfilter.h"
@@ -2710,13 +2709,9 @@ qemuDomainRemoveNetDevice(virQEMUDriverPtr driver,
 }
 if (cfg->macFilter && (net->ifname != NULL)) {
- if ((errno = networkDisallowMacOnPort(driver,
- net->ifname,
- &net->mac))) {
- virReportSystemError(errno,
- _("failed to remove ebtables rule on '%s'"),
- net->ifname);
- }
+ ignore_value(ebtablesRemoveForwardAllowIn(driver->ebtables,
+ net->ifname,
+ &net->mac));
 }
 vport = virDomainNetGetActualVirtPortProfile(net);
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index ffa939a996..1f008409a0 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -41,7 +41,6 @@
 #include "qemu_command.h"
 #include "qemu_hostdev.h"
 #include "qemu_hotplug.h"
-#include "qemu_bridge_filter.h"
 #include "qemu_migration.h"
 #include "cpu/cpu.h"
@@ -4280,12 +4279,9 @@ void qemuProcessStop(virQEMUDriverPtr driver,
 virDomainNetDefPtr net = def->nets[i];
 if (net->ifname == NULL)
 continue;
- if ((errno = networkDisallowMacOnPort(driver, net->ifname,
- &net->mac))) {
- virReportSystemError(errno,
- _("failed to remove ebtables rule to allow MAC address on '%s'"),
- net->ifname);
- }
+ ignore_value(ebtablesRemoveForwardAllowIn(driver->ebtables,
+ net->ifname,
+ &net->mac));
 }
 }
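Review bot: Wrapping `ebtablesRemoveForwardAllowIn` in `ignore_value()` in qemuDomainRemoveNetDevice (qemu_hotplug.c), and again in qemuProcessStop (qemu_process.c), leaves a failed rule removal with no handling at the call site. The rule pairs a MAC address with an interface name, so one that survives teardown would presumably still match if that interface name is later assigned to another guest; the diff does not show how names are reused, so treat that as an inference. Best-effort cleanup is fine here, but I would keep a trace of the failure: `if (ebtablesRemoveForwardAllowIn(driver->ebtables, net->ifname, &net->mac) < 0)` followed by `VIR_WARN("failed to remove ebtables rule on '%s'", net->ifname);`. Both enclosing functions start and end outside their hunks.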