nwfilter: no support for direct type of interface

Ebtables filtering doesn't work on macvtap device. Remove support for direct type of interface.

nwfilter: no support for direct type of interface
Ebtables filtering doesn't work on macvtap device. Remove support for direct type of interface.
973b681b · Stefan Berger · b56fa5bb · 973b681b · 973b681b · 973b681b
Showing with 1 addition and 18 deletion

docs/formatnwfilter.html.in docs/formatnwfilter.html.in +0 -2

src/conf/domain_conf.c src/conf/domain_conf.c +0 -1

src/nwfilter/nwfilter_ebiptables_driver.c src/nwfilter/nwfilter_ebiptables_driver.c +1 -15

未找到文件。
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@@ -52,8 +52,6 @@
       <li><code>network</code></li>
       <li><code>ethernet</code> -- must be used in bridging mode</li>
       <li><code>bridge</code></li>
-       <li><code>direct</code> -- only protocols mac, arp, ip and ipv6
-            can be filtered</li>
      </ul>
    <p>
    The interface XML is used to reference a top-level filter. In the

--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -2841,7 +2841,6 @@ virDomainNetDefParseXML(virCapsPtr caps,
        case VIR_DOMAIN_NET_TYPE_ETHERNET:
        case VIR_DOMAIN_NET_TYPE_NETWORK:
        case VIR_DOMAIN_NET_TYPE_BRIDGE:
-        case VIR_DOMAIN_NET_TYPE_DIRECT:
            def->filter = filter;
            filter = NULL;
            def->filterparams = filterparams;

--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -2357,7 +2357,7 @@ err_exit:
 */
 static int
 ebiptablesCreateRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
-                             enum virDomainNetType nettype,
+                             enum virDomainNetType nettype ATTRIBUTE_UNUSED,
                             virNWFilterDefPtr nwfilter,
                             virNWFilterRuleDefPtr rule,
                             const char *ifname,
@@ -2409,13 +2409,6 @@ ebiptablesCreateRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
    case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
    case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
    case VIR_NWFILTER_RULE_PROTOCOL_ALL:
-        if (nettype == VIR_DOMAIN_NET_TYPE_DIRECT) {
-            virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
-                          _("'%s' protocol not support for net type '%s'"),
-                          virNWFilterRuleProtocolTypeToString(rule->prtclType),
-                          virDomainNetTypeToString(nettype));
-            return 1;
-        }
        isIPv6 = 0;
        rc = iptablesCreateRuleInstance(nwfilter,
                                        rule,
@@ -2433,13 +2426,6 @@ ebiptablesCreateRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
    case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6:
    case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6:
    case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
-        if (nettype == VIR_DOMAIN_NET_TYPE_DIRECT) {
-            virNWFilterReportError(VIR_ERR_OPERATION_FAILED,
-                          _("'%s' protocol not support for net type '%s'"),
-                          virNWFilterRuleProtocolTypeToString(rule->prtclType),
-                          virDomainNetTypeToString(nettype));
-            return 1;
-        }
        isIPv6 = 1;
        rc = iptablesCreateRuleInstance(nwfilter,
                                        rule,