network: Report real error if addition of firewall rules fails

If addition of rules in networkAddIptablesRules() failed the real error
was masked by error reported when trying to clean up the remaining
rules.

With this patch the original error message is saved and set back after
the removal is complete.

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 975b7f63abebc7c4dc3d1c7749c0a347cad6ccdc..f1be9543992ddd16ae88783a14e7ee830d456b78 100644 (file)
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2088,6 +2088,7 @@ networkAddIptablesRules(struct network_driver *driver,
 {
     int ii;
     virNetworkIpDefPtr ipdef;
+    virErrorPtr orig_error;
 
     /* Add "once per network" rules */
     if (networkAddGeneralIptablesRules(driver, network) < 0)
@@ -2104,6 +2105,9 @@ networkAddIptablesRules(struct network_driver *driver,
     return 0;
 
 err:
+    /* store the previous error message before attempting removal of rules */
+    orig_error = virSaveLastError();
+
     /* The final failed call to networkAddIpSpecificIptablesRules will
      * have removed any rules it created, but we need to remove those
      * added for previous IP addresses.
@@ -2113,6 +2117,9 @@ err:
         networkRemoveIpSpecificIptablesRules(driver, network, ipdef);
     }
     networkRemoveGeneralIptablesRules(driver, network);
+
+    /* return the original error */
+    virSetError(orig_error);
     return -1;
 }