On 04/08/2014 11:38 AM, Daniel P. Berrange wrote:
Convert the ebiptablesDriverProbeStateMatch initialization
check to use the virFirewall APIs for querying iptables
version.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/nwfilter/nwfilter_ebiptables_driver.c | 68 +++++++++++++++++++------------
1 file changed, 43 insertions(+), 25 deletions(-)
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c
b/src/nwfilter/nwfilter_ebiptables_driver.c
index 835e068..8f237a2 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3915,45 +3915,62 @@ ebiptablesDriverProbeCtdir(void)
iptables_ctdir_corrected = CTDIR_STATUS_OLD;
}
-static void
-ebiptablesDriverProbeStateMatch(void)
-{
- virBuffer buf = VIR_BUFFER_INITIALIZER;
- char *cmdout = NULL, *version;
- unsigned long thisversion;
- NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
-
- virBufferAsprintf(&buf,
- "$IPT --version");
+static int
+ebiptablesDriverProbeStateMatchQuery(virFirewallPtr fw ATTRIBUTE_UNUSED,
+ const char *const *lines,
+ void *opaque)
+{
+ unsigned long *version = opaque;
+ char *tmp;
- if (ebiptablesExecCLI(&buf, false, &cmdout) < 0) {
- VIR_ERROR(_("Testing of iptables command failed: %s"),
- cmdout);
- return;
+ if (!lines || !lines[0]) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No output from iptables --version"));
+ return -1;
}
/*
* we expect output in the format
- * iptables v1.4.16
+ * 'iptables v1.4.16'
*/
- if (!(version = strchr(cmdout, 'v')) ||
- virParseVersionString(version + 1, &thisversion, true) < 0) {
- VIR_ERROR(_("Could not determine iptables version from string %s"),
- cmdout);
- goto cleanup;
+ if (!(tmp = strchr(lines[0], 'v')) ||
+ virParseVersionString(tmp + 1, version, true) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot parse version string '%s'"),
+ lines[0]);
+ return -1;
}
+ return 0;
+}
+
+
+static int
+ebiptablesDriverProbeStateMatch(void)
+{
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ unsigned long version;
+ virFirewallPtr fw = virFirewallNew();
+
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
+ virFirewallStartTransaction(fw, 0);
+ virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
+ false, ebiptablesDriverProbeStateMatchQuery, &version,
+ "--version", NULL);
+
+ if (virFirewallApply(fw) < 0)
+ return -1;
+
/*
* since version 1.4.16 '-m state --state ...' will be converted to
* '-m conntrack --ctstate ...'
*/
- if (thisversion >= 1 * 1000000 + 4 * 1000 + 16)
+ if (version >= 1 * 1000000 + 4 * 1000 + 16)
newMatchState = true;
- cleanup:
- VIR_FREE(cmdout);
- return;
+ return 0;
}
static int
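Review bot: The new ebiptablesDriverProbeStateMatch() never releases `fw`. Both the `return -1` after virFirewallApply() and the final `return 0` leave the object from virFirewallNew() allocated, so the function needs a shared cleanup path that calls `virFirewallFree(fw)`. The `virBuffer buf` declaration and the `NWFILTER_SET_IPTABLES_SHELLVAR(&buf)` call look like leftovers from the shell-based version: nothing reads the buffer any more, so whatever the macro appends to it is presumably leaked, and both lines can be dropped. `version` is written only by the query callback, so initialising it to 0 keeps the later comparison defined if the callback were ever skipped on a successful apply.

```c
static int
ebiptablesDriverProbeStateMatch(void)
{
    unsigned long version = 0;
    virFirewallPtr fw = virFirewallNew();
    int ret = -1;

    /* … unchanged: virFirewallStartTransaction / virFirewallAddRuleFull … */

    if (virFirewallApply(fw) < 0)
        goto cleanup;

    /* … unchanged: version comparison setting newMatchState … */

    ret = 0;
 cleanup:
    virFirewallFree(fw);
    return ret;
}
```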
@@ -3992,7 +4009,8 @@ ebiptablesDriverInit(bool privileged)
if (iptables_cmd_path) {
ebiptablesDriverProbeCtdir();
- ebiptablesDriverProbeStateMatch();
+ if (ebiptablesDriverProbeStateMatch() < 0)
+ return -1;
}
ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;
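Review bot: The new `return -1` in ebiptablesDriverInit() exits after `iptables_cmd_path` has already been set, and the hunk does not show any teardown of state set up earlier in the function. The function starts and ends outside the hunk, so please confirm that this early return releases the same state as the other failure paths in the function. The change also turns a probe failure from a logged, best-effort condition into a hard init failure, which deserves a short comment at the call site, for example `/* version probe failure is fatal: the state match syntax cannot be chosen safely */`.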
ACK