Convert ebiptablesDriverProbeStateMatch to virFirewall

Conver the ebiptablesDriverProbeStateMatch initialization check to use the virFirewall APIs for querying iptables version. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2025-03-20 06:50:22 +03:00 · 2014-03-31 12:58:20 +01:00 · 2014-03-31 12:58:20 +01:00 · 70571ccc98
commit 70571ccc98
parent 001130c096
1 changed files with 43 additions and 25 deletions
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@ -3923,45 +3923,62 @@ ebiptablesDriverProbeCtdir(void)
        iptables_ctdir_corrected = CTDIR_STATUS_OLD;
 }
-static void
+
-ebiptablesDriverProbeStateMatch(void)
+static int
 ebiptablesDriverProbeStateMatchQuery(virFirewallPtr fw ATTRIBUTE_UNUSED,
                                     const char *const *lines,
                                     void *opaque)
 {
-    virBuffer buf = VIR_BUFFER_INITIALIZER;
+    unsigned long *version = opaque;
-    char *cmdout = NULL, *version;
+    char *tmp;
    unsigned long thisversion;
-    NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+    if (!lines || !lines[0]) {
-
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-    virBufferAsprintf(&buf,
+                       _("No output from iptables --version"));
-                      "$IPT --version");
+        return -1;
    if (ebiptablesExecCLI(&buf, false, &cmdout) < 0) {
        VIR_ERROR(_("Testing of iptables command failed: %s"),
                  cmdout);
        return;
    }
    /*
     * we expect output in the format
-     * iptables v1.4.16
+     * 'iptables v1.4.16'
     */
-    if (!(version = strchr(cmdout, 'v')) ||
+    if (!(tmp = strchr(lines[0], 'v')) ||
-        virParseVersionString(version + 1, &thisversion, true) < 0) {
+        virParseVersionString(tmp + 1, version, true) < 0) {
-        VIR_ERROR(_("Could not determine iptables version from string %s"),
+        virReportError(VIR_ERR_INTERNAL_ERROR,
-                  cmdout);
+                       _("Cannot parse version string '%s'"),
-        goto cleanup;
+                       lines[0]);
        return -1;
    }
    return 0;
 }
 static int
 ebiptablesDriverProbeStateMatch(void)
 {
    virBuffer buf = VIR_BUFFER_INITIALIZER;
    unsigned long version;
    virFirewallPtr fw = virFirewallNew();
    NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
    virFirewallStartTransaction(fw, 0);
    virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
                           false, ebiptablesDriverProbeStateMatchQuery, &version,
                           "--version", NULL);
    if (virFirewallApply(fw) < 0)
        return -1;
    /*
     * since version 1.4.16 '-m state --state ...' will be converted to
     * '-m conntrack --ctstate ...'
     */
-    if (thisversion >= 1 * 1000000 + 4 * 1000 + 16)
+    if (version >= 1 * 1000000 + 4 * 1000 + 16)
        newMatchState = true;
- cleanup:
+    return 0;
    VIR_FREE(cmdout);
    return;
 }
 static int
@ -4000,7 +4017,8 @@ ebiptablesDriverInit(bool privileged)
    if (iptables_cmd_path) {
        ebiptablesDriverProbeCtdir();
-        ebiptablesDriverProbeStateMatch();
+        if (ebiptablesDriverProbeStateMatch() < 0)
            return -1;
    }
    ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;