From patchwork Sat Apr 23 19:39:38 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cole Robinson X-Patchwork-Id: 66530 Delivered-To: patch@linaro.org Received: by 10.140.93.198 with SMTP id d64csp303616qge; Sat, 23 Apr 2016 12:42:41 -0700 (PDT) X-Received: by 10.194.133.161 with SMTP id pd1mr30243706wjb.66.1461440560977; Sat, 23 Apr 2016 12:42:40 -0700 (PDT) Return-Path: Received: from mx3-phx2.redhat.com (mx3-phx2.redhat.com. [209.132.183.24]) by mx.google.com with ESMTPS id a71si2073149wma.36.2016.04.23.12.42.40 (version=TLS1 cipher=AES128-SHA bits=128/128); Sat, 23 Apr 2016 12:42:40 -0700 (PDT) Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.24 as permitted sender) client-ip=209.132.183.24; Authentication-Results: mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.24 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by mx3-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id u3NJdhdU001061; Sat, 23 Apr 2016 15:39:44 -0400 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id u3NJdgaS027139 for ; Sat, 23 Apr 2016 15:39:42 -0400 Received: from colepc.redhat.com (ovpn-113-101.phx2.redhat.com [10.3.113.101]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u3NJdeck008282; Sat, 23 Apr 2016 15:39:41 -0400 
From: Cole Robinson To: libvirt-list@redhat.com Date: Sat, 23 Apr 2016 15:39:38 -0400 Message-Id: <9f305726023e7e2ca017d664150d01de3c8e05ba.1461440358.git.crobinso@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-loop: libvir-list@redhat.com Cc: Andrea Bolognani , Laine Stump Subject: [libvirt] [PATCH v2] configure: Remove build time checks for (ip|ip6|eb)tables X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com And the 'ip' tool. There isn't much benefit to checking this at configure time when we have infrastructure nowadays for looking up binaries in the PATH --- v2: Keep the virFileIsExecutable check configure.ac | 12 ------ src/util/virfirewall.c | 18 +++++---- src/util/virnetdev.c | 6 +-- tests/virfirewalltest.c | 98 ++++++++++++++++++++++++------------------------- 4 files changed, 62 insertions(+), 72 deletions(-) -- 2.7.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list diff --git a/configure.ac b/configure.ac index de5f430..35ae16e 100644 --- a/configure.ac +++ b/configure.ac 
@@ -694,18 +694,6 @@ if test x"$with_rhel5_api" = x"yes"; then AC_DEFINE([WITH_RHEL5_API], [1], [whether building for the RHEL-5 API]) fi -AC_PATH_PROG([IP_PATH], [ip], /sbin/ip, [/usr/sbin:$PATH]) -AC_DEFINE_UNQUOTED([IP_PATH], "$IP_PATH", [path to ip binary]) - -AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [/usr/sbin:$PATH]) -AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH", [path to iptables binary]) - -AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, [/usr/sbin:$PATH]) -AC_DEFINE_UNQUOTED([IP6TABLES_PATH], "$IP6TABLES_PATH", [path to ip6tables binary]) - -AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables, [/usr/sbin:$PATH]) -AC_DEFINE_UNQUOTED([EBTABLES_PATH], "$EBTABLES_PATH", [path to ebtables binary]) - dnl dnl Checks for the OpenVZ driver diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c index f26fd86..0c8e3bf 100644 --- a/src/util/virfirewall.c +++ b/src/util/virfirewall.c @@ -47,9 +47,9 @@ typedef virFirewallGroup *virFirewallGroupPtr; VIR_ENUM_DECL(virFirewallLayerCommand) VIR_ENUM_IMPL(virFirewallLayerCommand, VIR_FIREWALL_LAYER_LAST, - EBTABLES_PATH, - IPTABLES_PATH, - IP6TABLES_PATH); + "ebtables", + "iptables", + "ip6tables"); VIR_ENUM_DECL(virFirewallLayerFirewallD) VIR_ENUM_IMPL(virFirewallLayerFirewallD, VIR_FIREWALL_LAYER_LAST, @@ -134,13 +134,13 @@ static void virFirewallCheckUpdateLocking(void) { const char *iptablesArgs[] = { - IPTABLES_PATH, "-w", "-L", "-n", NULL, + "iptables", "-w", "-L", "-n", NULL, }; const char *ip6tablesArgs[] = { - IP6TABLES_PATH, "-w", "-L", "-n", NULL, + "ip6tables", "-w", "-L", "-n", NULL, }; const char *ebtablesArgs[] = { - EBTABLES_PATH, "--concurrent", "-L", NULL, + "ebtables", "--concurrent", "-L", NULL, }; if (lockOverride) return; 
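Review bot: With bare names in `VIR_ENUM_IMPL(virFirewallLayerCommand, ...)`, the binary that runs is picked by the daemon's runtime `PATH` instead of being fixed at build time, and nothing in the new code records that dependency. The same holds for the argv[0] strings in virFirewallCheckUpdateLocking in this file and for the three `virCommandNew("ip")` calls in src/util/virnetdev.c. These tools are presumably executed with the daemon's privileges, so I would add a comment next to the enum such as `/* looked up in PATH at exec time; the daemon must run with a trusted PATH that includes the sbin directories */`. The removed configure check searched `/usr/sbin:$PATH` and fell back to `/sbin/iptables`, so a runtime `PATH` without the sbin directories would now fail where the old build did not.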
@@ -182,17 +182,19 @@ virFirewallValidateBackend(virFirewallBackend backend) if (backend == VIR_FIREWALL_BACKEND_DIRECT) { const char *commands[] = { - IPTABLES_PATH, IP6TABLES_PATH, EBTABLES_PATH + "iptables", "ip6tables", "ebtables" }; size_t i; for (i = 0; i < ARRAY_CARDINALITY(commands); i++) { - if (!virFileIsExecutable(commands[i])) { + char *path = virFindFileInPath(commands[i]); + if (!path || !virFileIsExecutable(path)) { virReportSystemError(errno, _("direct firewall backend requested, but %s is not available"), commands[i]); return -1; } + VIR_FREE(path); } VIR_DEBUG("found iptables/ip6tables/ebtables, using direct backend"); } diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index bb17b84..75e45fd 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -1469,7 +1469,7 @@ int virNetDevSetIPAddress(const char *ifname, virCommandAddArgList(cmd, "broadcast", bcaststr, NULL); virCommandAddArg(cmd, "alias"); # else - cmd = virCommandNew(IP_PATH); + cmd = virCommandNew("ip"); virCommandAddArgList(cmd, "addr", "add", NULL); virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix); if (peerstr) @@ -1506,7 +1506,7 @@ virNetDevAddRoute(const char *ifname, goto cleanup; if (!(gatewaystr = virSocketAddrFormat(gateway))) goto cleanup; - cmd = virCommandNew(IP_PATH); + cmd = virCommandNew("ip"); virCommandAddArgList(cmd, "route", "add", NULL); virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix); virCommandAddArgList(cmd, "via", gatewaystr, "dev", ifname, @@ -1544,7 +1544,7 @@ int virNetDevClearIPAddress(const char *ifname, virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix); virCommandAddArg(cmd, "-alias"); # else - cmd = virCommandNew(IP_PATH); + cmd = virCommandNew("ip"); virCommandAddArgList(cmd, "addr", "del", NULL); virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix); virCommandAddArgList(cmd, "dev", ifname, NULL); diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c index f1f29c6..976e883 100644 --- a/tests/virfirewalltest.c 
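Review bot: In the virFirewallValidateBackend loop, `path` leaks on the error branch when `virFindFileInPath()` returns a string but `virFileIsExecutable(path)` fails, because `return -1;` is reached before `VIR_FREE(path);`. Adding `VIR_FREE(path);` after the `virReportSystemError(...)` call and before `return -1;` closes it. When `virFindFileInPath()` returns NULL, `errno` may not describe the failure, so the system error text could be stale; a plain error report for that case would be clearer. The resolved path is also discarded, so the later command execution presumably repeats the lookup by name and could resolve differently from what was validated here. The function starts before and continues past the hunk.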
+++ b/tests/virfirewalltest.c @@ -128,11 +128,11 @@ VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_and_block, if (fwBuf) { if (STREQ(type, "ipv4")) - virBufferAddLit(fwBuf, IPTABLES_PATH); + virBufferAddLit(fwBuf, "iptables"); else if (STREQ(type, "ipv4")) - virBufferAddLit(fwBuf, IP6TABLES_PATH); + virBufferAddLit(fwBuf, "ip6tables"); else - virBufferAddLit(fwBuf, EBTABLES_PATH); + virBufferAddLit(fwBuf, "ebtables"); } for (i = 0; i < nargs; i++) { if (fwBuf) { @@ -204,8 +204,8 @@ testFirewallSingleGroup(const void *opaque) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -263,8 +263,8 @@ testFirewallRemoveRule(const void *opaque) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; virFirewallRulePtr fwrule; 
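Review bot: In the first hunk of this file, the second branch repeats `STREQ(type, "ipv4")`, so the edited `virBufferAddLit(fwBuf, "ip6tables");` line can never run and every non-ipv4 type falls through to `"ebtables"`. The condition predates this commit, but since the line is touched here it is worth correcting, presumably to `else if (STREQ(type, "ipv6"))`. As written, the mock cannot produce an `ip6tables` command line, so any expectation involving IPv6 rules would not be exercised. The mock's body starts and ends outside the hunk.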
@@ -329,10 +329,10 @@ testFirewallManyGroups(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" - IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A OUTPUT --jump DROP\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" + "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A OUTPUT --jump DROP\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -423,10 +423,10 @@ testFirewallIgnoreFailGroup(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A OUTPUT --jump DROP\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A OUTPUT --jump DROP\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; 
@@ -498,10 +498,10 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A OUTPUT --jump DROP\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A OUTPUT --jump DROP\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -572,8 +572,8 @@ testFirewallNoRollback(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; 
@@ -642,11 +642,11 @@ testFirewallSingleRollback(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -732,10 +732,10 @@ testFirewallManyRollback(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; 
@@ -825,14 +825,14 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.127 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.127 --jump REJECT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host 192.168.122.127 --jump REJECT\n" + "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n" + "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -976,11 +976,11 @@ testFirewallQueryHook(const char *const*args, int *status, void *opaque ATTRIBUTE_UNUSED) { - if (STREQ(args[0], IPTABLES_PATH) && + if (STREQ(args[0], "iptables") && STREQ(args[1], "-L")) { if (VIR_STRDUP(*output, TEST_FILTER_TABLE_LIST) < 0) *status = 127; - } else if (STREQ(args[0], IPTABLES_PATH) && + } else if (STREQ(args[0], "iptables") && STREQ(args[1], "-t") && STREQ(args[2], "nat") && STREQ(args[3], "-L")) { 
@@ -1026,15 +1026,15 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n" - IPTABLES_PATH " -L\n" - IPTABLES_PATH " -t nat -L\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.130 --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.128 --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.127 --jump REJECT\n" + "iptables -L\n" + "iptables -t nat -L\n" + "iptables -A INPUT --source-host 192.168.122.130 --jump REJECT\n" + "iptables -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" + "iptables -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" + "iptables -A INPUT --source-host 192.168.122.128 --jump REJECT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; expectedLineNum = 0;