mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-12 15:52:55 +00:00
54f9492353
This patch resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1035336 The basic problem is that during a network update, the required iptables rules sometimes change, and this was being handled by simply removing and re-adding the rules. However, the removal of the old rules was done based on the *new* state of the network, which would mean that some of the rules would not match those currently in the system, so the old rules wouldn't be removed. This patch removes the old rules prior to updating the network definition then adds the new rules as soon as the definition is updated. Note that this could lead to a stray packet or two during the interim, but that was already a problem before (the period of limbo is now just slightly longer). While moving the location for the rules, I added a few more sections that should result in the iptables rules being redone: DHCP_RANGE and DHCP_HOST - these are needed because adding/removing a dhcp host entry could lead to the dhcp service being started/stopped, which would require that the mangle rule that fixes up dhcp response checksums sould need to be added/removed, and this wasn't being done.
LibVirt : simple API for virtualization
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.
Daniel Veillard <veillard@redhat.com>