Re: [PATCH 24/26] Convert ebiptablesDriverProbeStateMatch to virFirewall


 



On 04/08/2014 11:38 AM, Daniel P. Berrange wrote:
Convert the ebiptablesDriverProbeStateMatch initialization
check to use the virFirewall APIs for querying iptables
version.

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
  src/nwfilter/nwfilter_ebiptables_driver.c | 68 +++++++++++++++++++------------
  1 file changed, 43 insertions(+), 25 deletions(-)

diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 835e068..8f237a2 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3915,45 +3915,62 @@ ebiptablesDriverProbeCtdir(void)
          iptables_ctdir_corrected = CTDIR_STATUS_OLD;
  }

-static void
-ebiptablesDriverProbeStateMatch(void)
-{
-    virBuffer buf = VIR_BUFFER_INITIALIZER;
-    char *cmdout = NULL, *version;
-    unsigned long thisversion;

-    NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
-
-    virBufferAsprintf(&buf,
-                      "$IPT --version");
+static int
+ebiptablesDriverProbeStateMatchQuery(virFirewallPtr fw ATTRIBUTE_UNUSED,
+                                     const char *const *lines,
+                                     void *opaque)
+{
+    unsigned long *version = opaque;
+    char *tmp;

-    if (ebiptablesExecCLI(&buf, false, &cmdout) < 0) {
-        VIR_ERROR(_("Testing of iptables command failed: %s"),
-                  cmdout);
-        return;
+    if (!lines || !lines[0]) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("No output from iptables --version"));
+        return -1;
      }

      /*
       * we expect output in the format
-     * iptables v1.4.16
+     * 'iptables v1.4.16'
       */
-    if (!(version = strchr(cmdout, 'v')) ||
-        virParseVersionString(version + 1, &thisversion, true) < 0) {
-        VIR_ERROR(_("Could not determine iptables version from string %s"),
-                  cmdout);
-        goto cleanup;
+    if (!(tmp = strchr(lines[0], 'v')) ||
+        virParseVersionString(tmp + 1, version, true) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Cannot parse version string '%s'"),
+                       lines[0]);
+        return -1;
      }

+    return 0;
+}
+
+
+static int
+ebiptablesDriverProbeStateMatch(void)
+{
+    virBuffer buf = VIR_BUFFER_INITIALIZER;
+    unsigned long version;
+    virFirewallPtr fw = virFirewallNew();
+
+    NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
+    virFirewallStartTransaction(fw, 0);
+    virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
+                           false, ebiptablesDriverProbeStateMatchQuery, &version,
+                           "--version", NULL);
+
+    if (virFirewallApply(fw) < 0)
+        return -1;
+
      /*
       * since version 1.4.16 '-m state --state ...' will be converted to
       * '-m conntrack --ctstate ...'
       */
-    if (thisversion >= 1 * 1000000 + 4 * 1000 + 16)
+    if (version >= 1 * 1000000 + 4 * 1000 + 16)
          newMatchState = true;

- cleanup:
-    VIR_FREE(cmdout);
-    return;
+    return 0;
  }

  static int
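Review bot: The new ebiptablesDriverProbeStateMatch() never releases `fw`: both the `return -1` after virFirewallApply() and the final `return 0` leave the object from virFirewallNew() allocated. `buf` is still declared and passed to NWFILTER_SET_IPTABLES_SHELLVAR but is no longer read or freed in the new body, so it looks like a leftover of the shell-based version and can be dropped. Initialising `version` to 0 would also keep the comparison defined if the query callback were ever not invoked on a successful apply. A single cleanup label that calls virFirewallFree() covers both exits.

```c
static int
ebiptablesDriverProbeStateMatch(void)
{
    unsigned long version = 0;
    virFirewallPtr fw = virFirewallNew();
    int ret = -1;

    /* … unchanged: transaction start and "--version" rule with the query callback … */

    if (virFirewallApply(fw) < 0)
        goto cleanup;

    /* … unchanged: version comparison that sets newMatchState … */

    ret = 0;
 cleanup:
    virFirewallFree(fw);
    return ret;
}
```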
@@ -3992,7 +4009,8 @@ ebiptablesDriverInit(bool privileged)

      if (iptables_cmd_path) {
          ebiptablesDriverProbeCtdir();
-        ebiptablesDriverProbeStateMatch();
+        if (ebiptablesDriverProbeStateMatch() < 0)
+            return -1;
      }

      ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;
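Review bot: The added `return -1` turns a failed or unparsable `iptables --version` probe into a failure of ebiptablesDriverInit(), where the old code only logged the error and carried on with `newMatchState` left untouched; neither the commit message nor a comment says this is intended. Failing closed is a defensible choice for a filtering driver, but it should be stated, e.g. `/* refuse to initialize if the iptables version cannot be determined */` above the check. ebiptablesDriverInit() starts outside this hunk, so it is worth confirming that nothing set up earlier in the function needs to be undone before this early return.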

ACK




