From f650d07b6ff57c3108bdbe06890037e9184bbb2f Mon Sep 17 00:00:00 2001
From: Sheng Yang
Date: Thu, 24 Oct 2013 18:27:01 -0700
Subject: [PATCH] CLOUDSTACK-4913: Don't enable ebtables/iptables for non-security group zone
---
 .../hypervisor/xen/discoverer/XcpServerDiscoverer.java | 3 +++
 .../hypervisor/xen/resource/CitrixResourceBase.java | 9 +++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/discoverer/XcpServerDiscoverer.java b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/discoverer/XcpServerDiscoverer.java
index bb058e3d175..688488d071a 100755
--- a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/discoverer/XcpServerDiscoverer.java
+++ b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/discoverer/XcpServerDiscoverer.java
@@ -311,6 +311,9 @@ public class XcpServerDiscoverer extends DiscovererBase implements Discoverer, L
 details.put("storage.network.device1", storageNetworkLabel);
 }
+ DataCenterVO zone = _dcDao.findById(dcId);
+ boolean securityGroupEnabled = zone.isSecurityGroupEnabled();
+ params.put("securitygroupenabled", Boolean.toString(securityGroupEnabled));
 params.put("wait", Integer.toString(_wait));
 details.put("wait", Integer.toString(_wait));
diff --git a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
index 0c87e0b04ec..57527c452da 100644
--- a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
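Review bot: `zone` is dereferenced without a null check in the added lines, so if `_dcDao.findById(dcId)` returns null, host discovery fails with a NullPointerException instead of a clear error. A guard before `zone.isSecurityGroupEnabled()`, such as `if (zone == null) { /* fail with the error type this method already uses */ }`, would make the failure explicit; the enclosing method starts and ends outside the hunk, so `dcId` may already be validated earlier. Also, unlike `wait`, the new `securitygroupenabled` key is written to `params` only and not to `details`. If `details` is what gets replayed when the host later reconnects, the resource would see the key as absent and treat security groups as disabled, so it is worth confirming which map the resource is reconfigured from.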
@@ -329,6 +329,7 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
 protected int _migratewait;
 protected String _instance; //instance name (default is usually "VM")
 static final Random _rand = new Random(System.currentTimeMillis());
+ protected boolean _securityGroupEnabled;
 protected IAgentControl _agentControl;
@@ -4969,8 +4970,11 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
 s_logger.warn("set xenserver Iptable failed");
 return null;
 }
- _canBridgeFirewall = can_bridge_firewall(conn);
-
+
+ if (_securityGroupEnabled) {
+ _canBridgeFirewall = can_bridge_firewall(conn);
+ }
+
 String result = callHostPluginPremium(conn, "heartbeat", "host", _host.uuid, "interval", Integer
 .toString(_heartbeatInterval));
 if (result == null || !result.contains("> DONE <")) {
@@ -5944,6 +5948,7 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
 _publicNetworkName = (String) params.get("public.network.device");
 _guestNetworkName = (String)params.get("guest.network.device");
 _instance = (String) params.get("instance.name");
+ _securityGroupEnabled = Boolean.parseBoolean((String)params.get("securitygroupenabled"));
 _linkLocalPrivateNetworkName = (String) params.get("private.linkLocal.device");
 if (_linkLocalPrivateNetworkName == null) {
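Review bot: A missing `securitygroupenabled` key silently turns the bridge firewall check off. `Boolean.parseBoolean((String)params.get("securitygroupenabled"))` in the last hunk yields false for null, and the new `if (_securityGroupEnabled)` guard in the `-4969` hunk then skips `can_bridge_firewall(conn)`, so any path that configures this resource without the key (only XcpServerDiscoverer is shown setting it) would lose security-group enforcement on the host with no log line. Consider treating an absent key as enabled, or at least logging the skip, e.g. `s_logger.info("Security groups disabled for zone; skipping bridge firewall setup");`. The guard also leaves `_canBridgeFirewall` at whatever value it had when the flag is false; `_canBridgeFirewall = _securityGroupEnabled && can_bridge_firewall(conn);` makes the outcome explicit. Both enclosing methods extend beyond the visible hunks.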