From e6d74d8db5983c7fe65b1f99d80a0bdd74813182 Mon Sep 17 00:00:00 2001
From: Peter Krempa
Date: Fri, 11 Jan 2013 11:38:30 +0100
Subject: [PATCH] network: Report real error if addition of firewall rules fails

If addition of rules in networkAddIptablesRules() failed the real error was masked by error reported when trying to clean up the remaining rules. With this patch the original error message is saved and set back after the removal is complete.
---
 src/network/bridge_driver.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 975b7f63ab..f1be954399 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2088,6 +2088,7 @@ networkAddIptablesRules(struct network_driver *driver,
 {
 int ii;
 virNetworkIpDefPtr ipdef;
+ virErrorPtr orig_error;
 
 /* Add "once per network" rules */
 if (networkAddGeneralIptablesRules(driver, network) < 0)
@@ -2104,6 +2105,9 @@ networkAddIptablesRules(struct network_driver *driver,
 return 0;
 
 err:
+ /* store the previous error message before attempting removal of rules */
+ orig_error = virSaveLastError();
+
 /* The final failed call to networkAddIpSpecificIptablesRules will
 * have removed any rules it created, but we need to remove those
 * added for previous IP addresses.
@@ -2113,6 +2117,9 @@ err:
 networkRemoveIpSpecificIptablesRules(driver, network, ipdef);
 }
 networkRemoveGeneralIptablesRules(driver, network);
+
+ /* return the original error */
+ virSetError(orig_error);
 return -1;
 }
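Review bot: The saved error is never released: in the last hunk (`@@ -2113,6 +2117,9 @@`) `virSetError(orig_error);` is followed directly by `return -1;`, yet `virSaveLastError()` hands back an allocated copy owned by the caller and `virSetError()` copies from it rather than taking ownership, so each failed rule addition leaks one error object. Add `virFreeError(orig_error);` on the line after `virSetError(orig_error);`. Separately, as far as the visible lines show, whatever the removal calls report is now overwritten without being logged, so a cleanup that fails could leave stale firewall rules in place unnoticed; consider emitting that error at warning level before restoring the original. The function's signature and the middle of the `err:` path lie outside these hunks.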