[libvirt] [PATCH 24/26] Convert ebiptablesDriverProbeStateMatch to virFirewall
Stefan Berger
stefanb at linux.vnet.ibm.com
Wed Apr 16 19:43:08 UTC 2014
On 04/08/2014 11:38 AM, Daniel P. Berrange wrote:
> Conver the ebiptablesDriverProbeStateMatch initialization
> check to use the virFirewall APIs for querying iptables
> version.
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> src/nwfilter/nwfilter_ebiptables_driver.c | 68 +++++++++++++++++++------------
> 1 file changed, 43 insertions(+), 25 deletions(-)
>
> diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
> index 835e068..8f237a2 100644
> --- a/src/nwfilter/nwfilter_ebiptables_driver.c
> +++ b/src/nwfilter/nwfilter_ebiptables_driver.c
> @@ -3915,45 +3915,62 @@ ebiptablesDriverProbeCtdir(void)
> iptables_ctdir_corrected = CTDIR_STATUS_OLD;
> }
>
> -static void
> -ebiptablesDriverProbeStateMatch(void)
> -{
> - virBuffer buf = VIR_BUFFER_INITIALIZER;
> - char *cmdout = NULL, *version;
> - unsigned long thisversion;
>
> - NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
> -
> - virBufferAsprintf(&buf,
> - "$IPT --version");
> +static int
> +ebiptablesDriverProbeStateMatchQuery(virFirewallPtr fw ATTRIBUTE_UNUSED,
> + const char *const *lines,
> + void *opaque)
> +{
> + unsigned long *version = opaque;
> + char *tmp;
>
> - if (ebiptablesExecCLI(&buf, false, &cmdout) < 0) {
> - VIR_ERROR(_("Testing of iptables command failed: %s"),
> - cmdout);
> - return;
> + if (!lines || !lines[0]) {
> + virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> + _("No output from iptables --version"));
> + return -1;
> }
>
> /*
> * we expect output in the format
> - * iptables v1.4.16
> + * 'iptables v1.4.16'
> */
> - if (!(version = strchr(cmdout, 'v')) ||
> - virParseVersionString(version + 1, &thisversion, true) < 0) {
> - VIR_ERROR(_("Could not determine iptables version from string %s"),
> - cmdout);
> - goto cleanup;
> + if (!(tmp = strchr(lines[0], 'v')) ||
> + virParseVersionString(tmp + 1, version, true) < 0) {
> + virReportError(VIR_ERR_INTERNAL_ERROR,
> + _("Cannot parse version string '%s'"),
> + lines[0]);
> + return -1;
> }
>
> + return 0;
> +}
> +
> +
> +static int
> +ebiptablesDriverProbeStateMatch(void)
> +{
> + virBuffer buf = VIR_BUFFER_INITIALIZER;
> + unsigned long version;
> + virFirewallPtr fw = virFirewallNew();
> +
> + NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
> +
> + virFirewallStartTransaction(fw, 0);
> + virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
> + false, ebiptablesDriverProbeStateMatchQuery, &version,
> + "--version", NULL);
> +
> + if (virFirewallApply(fw) < 0)
> + return -1;
> +
> /*
> * since version 1.4.16 '-m state --state ...' will be converted to
> * '-m conntrack --ctstate ...'
> */
> - if (thisversion >= 1 * 1000000 + 4 * 1000 + 16)
> + if (version >= 1 * 1000000 + 4 * 1000 + 16)
> newMatchState = true;
>
> - cleanup:
> - VIR_FREE(cmdout);
> - return;
> + return 0;
> }
>
> static int
> @@ -3992,7 +4009,8 @@ ebiptablesDriverInit(bool privileged)
>
> if (iptables_cmd_path) {
> ebiptablesDriverProbeCtdir();
> - ebiptablesDriverProbeStateMatch();
> + if (ebiptablesDriverProbeStateMatch() < 0)
> + return -1;
> }
>
> ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;
ACK
More information about the libvir-list
mailing list