nwfilter: do not create ebtables chain unnecessarily

If only iptables rules are created then two unnecessary ebtables chains are also created. This patch fixes this and prevents these chains from being created. They have been cleaned up properly, though.

nwfilter: do not create ebtables chain unnecessarily
If only iptables rules are created then two unnecessary ebtables chains are also created. This patch fixes this and prevents these chains from being created. They have been cleaned up properly, though.
b4d579de · Stefan Berger · Stefan Berger · f9d60b19 · b4d579de
隐藏空白更改
内联并排

Showing with 6 addition and 4 deletion

src/nwfilter/nwfilter_ebiptables_driver.c src/nwfilter/nwfilter_ebiptables_driver.c +6 -4

未找到文件。
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3619,10 +3619,12 @@ ebiptablesApplyNewRules(const char *ifname,
    NWFILTER_SET_EBTABLES_SHELLVAR(&buf);

    /* create needed chains */
-    if (ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
-                                          &ebtChains, &nEbtChains) < 0 ||
-        ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_out_set, 0,
-                                          &ebtChains, &nEbtChains) < 0) {
+    if ((virHashSize(chains_in_set) > 0 &&
+         ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
+                                           &ebtChains, &nEbtChains) < 0) ||
+        (virHashSize(chains_out_set) > 0 &&
+         ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_out_set, 0,
+                                           &ebtChains, &nEbtChains) < 0)) {
        goto tear_down_tmpebchains;
    }