[libvirt] [PATCH 24/26] Convert ebiptablesDriverProbeStateMatch to virFirewall

Stefan Berger stefanb at linux.vnet.ibm.com
Wed Apr 16 19:43:08 UTC 2014


On 04/08/2014 11:38 AM, Daniel P. Berrange wrote:
> Convert the ebiptablesDriverProbeStateMatch initialization
> check to use the virFirewall APIs for querying the iptables
> version.
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
>   src/nwfilter/nwfilter_ebiptables_driver.c | 68 +++++++++++++++++++------------
>   1 file changed, 43 insertions(+), 25 deletions(-)
>
> diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
> index 835e068..8f237a2 100644
> --- a/src/nwfilter/nwfilter_ebiptables_driver.c
> +++ b/src/nwfilter/nwfilter_ebiptables_driver.c
> @@ -3915,45 +3915,62 @@ ebiptablesDriverProbeCtdir(void)
>           iptables_ctdir_corrected = CTDIR_STATUS_OLD;
>   }
>
> -static void
> -ebiptablesDriverProbeStateMatch(void)
> -{
> -    virBuffer buf = VIR_BUFFER_INITIALIZER;
> -    char *cmdout = NULL, *version;
> -    unsigned long thisversion;
>
> -    NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
> -
> -    virBufferAsprintf(&buf,
> -                      "$IPT --version");
> +static int
> +ebiptablesDriverProbeStateMatchQuery(virFirewallPtr fw ATTRIBUTE_UNUSED,
> +                                     const char *const *lines,
> +                                     void *opaque)
> +{
> +    unsigned long *version = opaque;
> +    char *tmp;
>
> -    if (ebiptablesExecCLI(&buf, false, &cmdout) < 0) {
> -        VIR_ERROR(_("Testing of iptables command failed: %s"),
> -                  cmdout);
> -        return;
> +    if (!lines || !lines[0]) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("No output from iptables --version"));
> +        return -1;
>       }
>
>       /*
>        * we expect output in the format
> -     * iptables v1.4.16
> +     * 'iptables v1.4.16'
>        */
> -    if (!(version = strchr(cmdout, 'v')) ||
> -        virParseVersionString(version + 1, &thisversion, true) < 0) {
> -        VIR_ERROR(_("Could not determine iptables version from string %s"),
> -                  cmdout);
> -        goto cleanup;
> +    if (!(tmp = strchr(lines[0], 'v')) ||
> +        virParseVersionString(tmp + 1, version, true) < 0) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR,
> +                       _("Cannot parse version string '%s'"),
> +                       lines[0]);
> +        return -1;
>       }
>
> +    return 0;
> +}
> +
> +
> +static int
> +ebiptablesDriverProbeStateMatch(void)
> +{
> +    virBuffer buf = VIR_BUFFER_INITIALIZER;
> +    unsigned long version;
> +    virFirewallPtr fw = virFirewallNew();
> +
> +    NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
> +
> +    virFirewallStartTransaction(fw, 0);
> +    virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
> +                           false, ebiptablesDriverProbeStateMatchQuery, &version,
> +                           "--version", NULL);
> +
> +    if (virFirewallApply(fw) < 0)
> +        return -1;
> +
>       /*
>        * since version 1.4.16 '-m state --state ...' will be converted to
>        * '-m conntrack --ctstate ...'
>        */
> -    if (thisversion >= 1 * 1000000 + 4 * 1000 + 16)
> +    if (version >= 1 * 1000000 + 4 * 1000 + 16)
>           newMatchState = true;
>
> - cleanup:
> -    VIR_FREE(cmdout);
> -    return;
> +    return 0;
>   }
>
>   static int
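Review bot: The new ebiptablesDriverProbeStateMatch() never releases `fw`: both the `return -1` after virFirewallApply() and the final `return 0` leave the object from virFirewallNew() allocated. The `virBuffer buf` and the NWFILTER_SET_IPTABLES_SHELLVAR(&buf) call look like leftovers from the shell-based version, since nothing consumes the buffer any more, so whatever the macro appends to it is presumably leaked too. I would drop the buffer and route both exits through a cleanup label that calls virFirewallFree(fw). I would also initialise `version` to 0, so the comparison cannot read an indeterminate value if the query callback is ever skipped.

```c
static int
ebiptablesDriverProbeStateMatch(void)
{
    unsigned long version = 0;
    virFirewallPtr fw = virFirewallNew();
    int ret = -1;

    /* … unchanged: transaction start and the "--version" query rule … */

    if (virFirewallApply(fw) < 0)
        goto cleanup;

    /* … unchanged: newMatchState version comparison … */

    ret = 0;
 cleanup:
    virFirewallFree(fw);
    return ret;
}
```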
> @@ -3992,7 +4009,8 @@ ebiptablesDriverInit(bool privileged)
>
>       if (iptables_cmd_path) {
>           ebiptablesDriverProbeCtdir();
> -        ebiptablesDriverProbeStateMatch();
> +        if (ebiptablesDriverProbeStateMatch() < 0)
> +            return -1;
>       }
>
>       ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;
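Review bot: The new `return -1` in ebiptablesDriverInit() turns a failed version probe into a failed driver initialisation, where the old code logged the error and carried on with newMatchState unchanged. That policy change deserves a comment at the call site, for example `/* refuse to initialise when the iptables version is unknown: the state-match syntax would be a guess */`. The function starts and ends outside the hunk, so it is not visible whether anything set up earlier in it has to be released before this early return; that is worth checking. ebiptablesDriverProbeCtdir() on the line above is still called without a result check, so the two probes now treat failure differently.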

ACK



