[PATCH 0/2] network: improve firewall rule creation error handling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a different approach to solving the problem describd in:

  https://www.redhat.com/archives/libvir-list/2019-March/msg00584.html

That patch would treat each chain creation attempt as non-fatal. This
means ipv4 chains still get created if ipv6 is missing, or if a subset
of ip[6]tables modules are missing (eg "mangle" chain).

This series takes a different approach of splitting IPv4 and IPv6
chain creation. Setup for either address family can succeed/fail
independently, however, within an address family everything must
still succeed. Improved error reporting means that users will see
the root cause error when trying to start an error.

So with this series, 'mangle' support is still compulsory for
any address family, but if IPv6 lacks mangle support, this won't
break IPv4 support. This is good for the default network which
only does IPv4 out of the box.

Daniel P. Berrangé (2):
  network: improve error report when firewall chain creation fails
  network: split setup of ipv4 and ipv6 top level chains

 src/network/bridge_driver.c          |  3 +-
 src/network/bridge_driver_linux.c    | 51 ++++++++++++++++++++++++----
 src/network/bridge_driver_nop.c      |  3 +-
 src/network/bridge_driver_platform.h |  2 +-
 src/util/viriptables.c               | 14 +++-----
 src/util/viriptables.h               |  2 +-
 6 files changed, 53 insertions(+), 22 deletions(-)

-- 
2.20.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux