[libvirt] [PATCH 03/13] Fix logging of failed iptables commands
Eric Blake
eblake at redhat.com
Mon Dec 20 23:57:38 UTC 2010
On 12/20/2010 01:03 AM, Laine Stump wrote:
> The functions in iptables.c all return -1 on failure, but all their
> callers (which all happen to be in bridge_driver.c) assume that they
> are returning an errno, and the logging is done accordingly. This
> patch fixes all the error checking and logging to assume < 0 is an
> error, and nothing else.
> ---
> src/network/bridge_driver.c | 183 +++++++++++++++++++++----------------------
> 1 files changed, 91 insertions(+), 92 deletions(-)
Do any of the iptables.c functions guarantee that errno is a sane value
when returning -1?
> - virReportSystemError(err,
> - _("failed to add iptables rule to allow forwarding from '%s'"),
> - network->def->bridge);
> + if (iptablesAddForwardAllowOut(driver->iptables,
> + &network->def->ipAddress,
> + &network->def->netmask,
> + network->def->bridge,
> + network->def->forwardDev) < 0) {
> + networkReportError(VIR_ERR_SYSTEM_ERROR,
> + _("failed to add iptables rule to allow forwarding from '%s'"),
> + network->def->bridge);
or are we okay with this slightly less-informative message, if we happen
to be ignoring a valid errno? Then again, given that the old code was
using strerror(-1), which doesn't convey any information, we aren't
really losing anything in practice from the old code by not displaying
errno, even if iptables guaranteed that errno was useful. Therefore:
ACK as-is.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20101220/577beb46/attachment-0001.sig>
More information about the libvir-list
mailing list