From: Stefan Berger
Date: Wed, 17 Nov 2010 02:18:21 +0000 (-0500)
Subject: nwfilter: also purge ip(6)tables rules before detecting IP address
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=d4897acff85b6c5e06f084cacffd4a5faf5a43e0;p=libvirt.git
nwfilter: also purge ip(6)tables rules before detecting IP address
Rather than only cleaning any remaining ebtables rules, also clean those applied to iptables and ip6tables when detecting the IP address of an interface. Previous applied iptables rules may hinder DHCP packets.
---
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 7b2a50509b..9b7a7c8b07 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -117,6 +117,7 @@ static int ebtablesRemoveBasicRules(const char *ifname);
 static int ebiptablesDriverInit(void);
 static void ebiptablesDriverShutdown(void);
 static int ebtablesCleanAll(const char *ifname);
+static int ebiptablesAllTeardown(const char *ifname);
 static virMutex execCLIMutex;
@@ -2942,7 +2943,7 @@ ebtablesApplyBasicRules(const char *ifname,
 virFormatMacAddr(macaddr, macaddr_str);
- ebtablesCleanAll(ifname);
+ ebiptablesAllTeardown(ifname);
 ebtablesCreateTmpRootChain(&buf, 1, ifname, 1);
@@ -3041,7 +3042,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
 virFormatMacAddr(macaddr, macaddr_str);
- ebtablesCleanAll(ifname);
+ ebiptablesAllTeardown(ifname);
 ebtablesCreateTmpRootChain(&buf, 1, ifname, 1);
 ebtablesCreateTmpRootChain(&buf, 0, ifname, 1);
@@ -3143,7 +3144,7 @@ ebtablesApplyDropAllRules(const char *ifname)
 return 1;
 }
- ebtablesCleanAll(ifname);
+ ebiptablesAllTeardown(ifname);
 ebtablesCreateTmpRootChain(&buf, 1, ifname, 1);
 ebtablesCreateTmpRootChain(&buf, 0, ifname, 1);
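Review bot: The new `ebiptablesAllTeardown(ifname);` call in ebtablesApplyBasicRules discards its result although the prototype added in the first hunk returns `int`; the calls in ebtablesApplyDHCPOnlyRules and ebtablesApplyDropAllRules do the same. The teardown body is not visible here, but if it can fail, leftover ip(6)tables rules would keep blocking DHCP and IP detection would stall with nothing in the log pointing at the cause. Either test the result and log a warning, or state the best-effort intent at each call, e.g. `/* best effort: stale ip(6)tables rules may block DHCP during IP detection */`. It would also help to document that, presumably, the interface has no ip(6)tables filtering from this point until the full filter is instantiated, so the temporary ebtables chains are the only protection during that window. All three functions begin and end outside their hunks.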