all lists on lists.proxmox.com
 help / color / mirror / Atom feed
From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-firewall 1/1] firewall: config: use proxmox-network-api
Date: Tue, 29 Jul 2025 18:56:52 +0200	[thread overview]
Message-ID: <20250729165655.681368-8-s.hanreich@proxmox.com> (raw)
In-Reply-To: <20250729165655.681368-1-s.hanreich@proxmox.com>

proxmox-network-api now provides functions for obtaining the network
interface information directly. Adapt the firewall to use the function
from proxmox-network-api instead.

The name of InterfaceMapping has changed during this, so adapt the
firewall to use the new name for the struct.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 proxmox-firewall/Cargo.toml                 |  3 ++-
 proxmox-firewall/src/config.rs              | 29 +++++----------------
 proxmox-firewall/tests/integration_tests.rs |  8 +++---
 3 files changed, 12 insertions(+), 28 deletions(-)

diff --git a/proxmox-firewall/Cargo.toml b/proxmox-firewall/Cargo.toml
index 24f4dc6..468e2b5 100644
--- a/proxmox-firewall/Cargo.toml
+++ b/proxmox-firewall/Cargo.toml
@@ -21,8 +21,9 @@ serde_json = "1"
 signal-hook = "0.3"
 
 proxmox-log = "1"
-proxmox-nftables = { path = "../proxmox-nftables", features = ["config-ext"] }
 proxmox-network-types = { workspace = true }
+proxmox-network-api = { version = "1", features = [ "impl" ] }
+proxmox-nftables = { path = "../proxmox-nftables", features = ["config-ext"] }
 proxmox-ve-config = { workspace = true }
 
 [dev-dependencies]
diff --git a/proxmox-firewall/src/config.rs b/proxmox-firewall/src/config.rs
index 65926ea..d6a4df5 100644
--- a/proxmox-firewall/src/config.rs
+++ b/proxmox-firewall/src/config.rs
@@ -15,10 +15,9 @@ use proxmox_ve_config::firewall::types::alias::{Alias, AliasName, AliasScope};
 
 use proxmox_ve_config::guest::types::Vmid;
 use proxmox_ve_config::guest::{GuestEntry, GuestMap};
-use proxmox_ve_config::host::network::InterfaceMapping;
-use proxmox_ve_config::host::network::IpLink;
 use proxmox_ve_config::host::types::BridgeName;
 
+use proxmox_network_api::{get_network_interfaces, AltnameMapping};
 use proxmox_nftables::command::{CommandOutput, Commands, List, ListOutput};
 use proxmox_nftables::types::ListChain;
 use proxmox_nftables::NftClient;
@@ -44,7 +43,7 @@ pub trait FirewallConfigLoader {
         &self,
         bridge_name: &BridgeName,
     ) -> Result<Option<Box<dyn io::BufRead>>, Error>;
-    fn interface_mapping(&self) -> Result<InterfaceMapping, Error>;
+    fn interface_mapping(&self) -> Result<AltnameMapping, Error>;
 }
 
 #[derive(Default)]
@@ -227,24 +226,10 @@ impl FirewallConfigLoader for PveFirewallConfigLoader {
         Ok(None)
     }
 
-    fn interface_mapping(&self) -> Result<InterfaceMapping, Error> {
-        let output = std::process::Command::new("ip")
-            .arg("-details")
-            .arg("-json")
-            .arg("link")
-            .arg("show")
-            .stdout(std::process::Stdio::piped())
-            .output()
-            .with_context(|| "could not obtain ip link output")?;
-
-        if !output.status.success() {
-            bail!("ip link returned non-zero exit code")
-        }
-
-        Ok(serde_json::from_slice::<Vec<IpLink>>(&output.stdout)
-            .with_context(|| "could not deserialize ip link output")?
-            .into_iter()
-            .collect())
+    fn interface_mapping(&self) -> Result<AltnameMapping, Error> {
+        Ok(AltnameMapping::from_iter(
+            get_network_interfaces()?.into_values(),
+        ))
     }
 }
 
@@ -280,7 +265,7 @@ pub struct FirewallConfig {
     nft_config: BTreeMap<String, ListChain>,
     sdn_config: Option<SdnConfig>,
     ipam_config: Option<Ipam>,
-    interface_mapping: InterfaceMapping,
+    interface_mapping: AltnameMapping,
 }
 
 impl FirewallConfig {
diff --git a/proxmox-firewall/tests/integration_tests.rs b/proxmox-firewall/tests/integration_tests.rs
index 69f9cc2..2c550eb 100644
--- a/proxmox-firewall/tests/integration_tests.rs
+++ b/proxmox-firewall/tests/integration_tests.rs
@@ -1,9 +1,9 @@
 use anyhow::{Context, Error};
-use proxmox_ve_config::host::network::InterfaceMapping;
 use std::collections::HashMap;
 
 use proxmox_firewall::config::{FirewallConfig, FirewallConfigLoader, NftConfigLoader};
 use proxmox_firewall::firewall::Firewall;
+use proxmox_network_api::AltnameMapping;
 use proxmox_nftables::command::CommandOutput;
 use proxmox_sys::nodename;
 use proxmox_ve_config::guest::types::Vmid;
@@ -93,10 +93,8 @@ impl FirewallConfigLoader for MockFirewallConfigLoader {
         Ok(None)
     }
 
-    fn interface_mapping(
-        &self,
-    ) -> Result<proxmox_ve_config::host::network::InterfaceMapping, Error> {
-        Ok(InterfaceMapping::from_iter(vec![]))
+    fn interface_mapping(&self) -> Result<AltnameMapping, Error> {
+        Ok(AltnameMapping::from_iter(vec![]))
     }
 }
 
-- 
2.47.2


_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel


  parent reply	other threads:[~2025-07-29 16:56 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-07-29 16:56 [pbs-devel] [PATCH proxmox{-ve-rs, , -backup, -firewall, -network-interface-pinning} 0/8] proxmox-network-interface-pinning Stefan Hanreich
2025-07-29 16:56 ` [pbs-devel] [PATCH proxmox-ve-rs 1/1] host: network: move to proxmox-network-api Stefan Hanreich
2025-07-29 16:56 ` [pbs-devel] [PATCH proxmox 1/3] pbs-api-types: use proxmox-network-api types Stefan Hanreich
2025-07-29 16:56 ` [pbs-devel] [PATCH proxmox 2/3] proxmox-network-api: use ip link for querying interface information Stefan Hanreich
2025-07-29 16:56 ` [pbs-devel] [PATCH proxmox 3/3] network-api: add rename_interfaces method Stefan Hanreich
2025-07-29 16:56 ` [pbs-devel] [PATCH proxmox-backup 1/2] config: network: move to proxmox-network-api Stefan Hanreich
2025-07-29 16:56 ` [pbs-devel] [PATCH proxmox-backup 2/2] metric_collection: use ip link for determining the type of interfaces Stefan Hanreich
2025-07-29 16:56 ` Stefan Hanreich [this message]
2025-07-29 16:56 ` [pbs-devel] [PATCH proxmox-network-interface-pinning 1/1] initial commit Stefan Hanreich
2025-07-30 13:07   ` Thomas Lamprecht
2025-07-30 13:14     ` Stefan Hanreich
2025-07-30 13:24       ` Thomas Lamprecht
2025-07-30 13:30         ` Fabian Grünbichler
2025-07-30 13:35           ` Stefan Hanreich
2025-07-30 13:42             ` Thomas Lamprecht
2025-07-30 14:37 ` [pbs-devel] superseded: [PATCH proxmox{-ve-rs, , -backup, -firewall, -network-interface-pinning} 0/8] proxmox-network-interface-pinning Stefan Hanreich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250729165655.681368-8-s.hanreich@proxmox.com \
    --to=s.hanreich@proxmox.com \
    --cc=pbs-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal