On Mon, 2019-03-18 at 17:47 +0000, Daniel P. Berrangé wrote: > This is a different approach to solving the problem describd in: > > https://www.redhat.com/archives/libvir-list/2019-March/msg00584.html > > That patch would treat each chain creation attempt as non-fatal. This > means ipv4 chains still get created if ipv6 is missing, or if a subset > of ip[6]tables modules are missing (eg "mangle" chain). > > This series takes a different approach of splitting IPv4 and IPv6 > chain creation. Setup for either address family can succeed/fail > independently, however, within an address family everything must > still succeed. Improved error reporting means that users will see > the root cause error when trying to start an error. > > So with this series, 'mangle' support is still compulsory for > any address family, but if IPv6 lacks mangle support, this won't > break IPv4 support. This is good for the default network which > only does IPv4 out of the box. > > Daniel P. Berrangé (2): > network: improve error report when firewall chain creation fails > network: split setup of ipv4 and ipv6 top level chains > > src/network/bridge_driver.c | 3 +- > src/network/bridge_driver_linux.c | 51 ++++++++++++++++++++++++---- > src/network/bridge_driver_nop.c | 3 +- > src/network/bridge_driver_platform.h | 2 +- > src/util/viriptables.c | 14 +++----- > src/util/viriptables.h | 2 +- > 6 files changed, 53 insertions(+), 22 deletions(-) The changes make sense and they make the issue I was encountering on my machine go away, so with the tweaks Michal already pointed out Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx> Is this worth backporting to the stable 5.1.0 branch? -- Andrea Bolognani / Red Hat / Virtualization -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
