External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-08-28 03:21:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Convert ebiptablesDriverProbeStateMatch to virFirewall

Browse Source 
Conver the ebiptablesDriverProbeStateMatch initialization
check to use the virFirewall APIs for querying iptables
version.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2014-03-31 12:58:20 +01:00
parent 001130c096
commit 70571ccc98
1 changed files with 43 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
src/nwfilter/nwfilter_ebiptables_driver.c
View File

@ -3923,45 +3923,62 @@ ebiptablesDriverProbeCtdir(void)
iptables_ctdir_corrected = CTDIR_STATUS_OLD; iptables_ctdir_corrected = CTDIR_STATUS_OLD;
} }
static void
ebiptablesDriverProbeStateMatch(void) static int
ebiptablesDriverProbeStateMatchQuery(virFirewallPtr fw ATTRIBUTE_UNUSED,
const char *const *lines,
void *opaque)
{ {
virBuffer buf = VIR_BUFFER_INITIALIZER; unsigned long *version = opaque;
char *cmdout = NULL, *version; char *tmp;
unsigned long thisversion;
NWFILTER_SET_IPTABLES_SHELLVAR(&buf); if (!lines || !lines[0]) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
virBufferAsprintf(&buf, _("No output from iptables --version"));
"$IPT --version"); return -1;
if (ebiptablesExecCLI(&buf, false, &cmdout) < 0) {
VIR_ERROR(_("Testing of iptables command failed: %s"),
cmdout);
return;
} }
/* /*
* we expect output in the format * we expect output in the format
* iptables v1.4.16 * 'iptables v1.4.16'
*/ */
if (!(version = strchr(cmdout, 'v')) || if (!(tmp = strchr(lines[0], 'v')) ||
virParseVersionString(version + 1, &thisversion, true) < 0) { virParseVersionString(tmp + 1, version, true) < 0) {
VIR_ERROR(_("Could not determine iptables version from string %s"), virReportError(VIR_ERR_INTERNAL_ERROR,
cmdout); _("Cannot parse version string '%s'"),
goto cleanup; lines[0]);
return -1;
} }
return 0;
}
static int
ebiptablesDriverProbeStateMatch(void)
{
virBuffer buf = VIR_BUFFER_INITIALIZER;
unsigned long version;
virFirewallPtr fw = virFirewallNew();
NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
virFirewallStartTransaction(fw, 0);
virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
false, ebiptablesDriverProbeStateMatchQuery, &version,
"--version", NULL);
if (virFirewallApply(fw) < 0)
return -1;
/* /*
* since version 1.4.16 '-m state --state ...' will be converted to * since version 1.4.16 '-m state --state ...' will be converted to
* '-m conntrack --ctstate ...' * '-m conntrack --ctstate ...'
*/ */
if (thisversion >= 1 * 1000000 + 4 * 1000 + 16) if (version >= 1 * 1000000 + 4 * 1000 + 16)
newMatchState = true; newMatchState = true;
cleanup: return 0;
VIR_FREE(cmdout);
return;
} }
static int static int
@ -4000,7 +4017,8 @@ ebiptablesDriverInit(bool privileged)
if (iptables_cmd_path) { if (iptables_cmd_path) {
ebiptablesDriverProbeCtdir(); ebiptablesDriverProbeCtdir();
ebiptablesDriverProbeStateMatch(); if (ebiptablesDriverProbeStateMatch() < 0)
return -1;
} }
ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED; ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;