From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-firewall v5 1/1] firewall: config: use proxmox-network-api
Date: Mon, 4 Aug 2025 18:24:43 +0200 [thread overview]
Message-ID: <20250804162448.607184-10-s.hanreich@proxmox.com> (raw)
In-Reply-To: <20250804162448.607184-1-s.hanreich@proxmox.com>
proxmox-network-api now provides functions for obtaining the network
interface information directly. Adapt the firewall to use the function
from proxmox-network-api instead.
The name of InterfaceMapping has changed during this, so adapt the
firewall to use the new name for the struct.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
proxmox-firewall/Cargo.toml | 3 +-
proxmox-firewall/src/config.rs | 33 ++++++---------------
proxmox-firewall/tests/integration_tests.rs | 8 ++---
3 files changed, 14 insertions(+), 30 deletions(-)
diff --git a/proxmox-firewall/Cargo.toml b/proxmox-firewall/Cargo.toml
index f7ef47e..2f247c3 100644
--- a/proxmox-firewall/Cargo.toml
+++ b/proxmox-firewall/Cargo.toml
@@ -21,8 +21,9 @@ serde_json = "1"
signal-hook = "0.3"
proxmox-log = "1"
-proxmox-nftables = { path = "../proxmox-nftables", features = ["config-ext"] }
proxmox-network-types = { workspace = true }
+proxmox-network-api = { version = "1", features = [ "impl" ] }
+proxmox-nftables = { path = "../proxmox-nftables", features = ["config-ext"] }
proxmox-ve-config = { workspace = true }
[dev-dependencies]
diff --git a/proxmox-firewall/src/config.rs b/proxmox-firewall/src/config.rs
index 6e357a1..d6a4df5 100644
--- a/proxmox-firewall/src/config.rs
+++ b/proxmox-firewall/src/config.rs
@@ -3,7 +3,7 @@ use std::default::Default;
use std::fs::{self, DirEntry, File, ReadDir};
use std::io::{self, BufReader};
-use anyhow::{Context, Error, bail, format_err};
+use anyhow::{bail, format_err, Context, Error};
use proxmox_log as log;
@@ -15,13 +15,12 @@ use proxmox_ve_config::firewall::types::alias::{Alias, AliasName, AliasScope};
use proxmox_ve_config::guest::types::Vmid;
use proxmox_ve_config::guest::{GuestEntry, GuestMap};
-use proxmox_ve_config::host::network::InterfaceMapping;
-use proxmox_ve_config::host::network::IpLink;
use proxmox_ve_config::host::types::BridgeName;
-use proxmox_nftables::NftClient;
+use proxmox_network_api::{get_network_interfaces, AltnameMapping};
use proxmox_nftables::command::{CommandOutput, Commands, List, ListOutput};
use proxmox_nftables::types::ListChain;
+use proxmox_nftables::NftClient;
use proxmox_ve_config::sdn::{
config::{RunningConfig, SdnConfig},
ipam::{Ipam, IpamJson},
@@ -44,7 +43,7 @@ pub trait FirewallConfigLoader {
&self,
bridge_name: &BridgeName,
) -> Result<Option<Box<dyn io::BufRead>>, Error>;
- fn interface_mapping(&self) -> Result<InterfaceMapping, Error>;
+ fn interface_mapping(&self) -> Result<AltnameMapping, Error>;
}
#[derive(Default)]
@@ -227,24 +226,10 @@ impl FirewallConfigLoader for PveFirewallConfigLoader {
Ok(None)
}
- fn interface_mapping(&self) -> Result<InterfaceMapping, Error> {
- let output = std::process::Command::new("ip")
- .arg("-details")
- .arg("-json")
- .arg("link")
- .arg("show")
- .stdout(std::process::Stdio::piped())
- .output()
- .with_context(|| "could not obtain ip link output")?;
-
- if !output.status.success() {
- bail!("ip link returned non-zero exit code")
- }
-
- Ok(serde_json::from_slice::<Vec<IpLink>>(&output.stdout)
- .with_context(|| "could not deserialize ip link output")?
- .into_iter()
- .collect())
+ fn interface_mapping(&self) -> Result<AltnameMapping, Error> {
+ Ok(AltnameMapping::from_iter(
+ get_network_interfaces()?.into_values(),
+ ))
}
}
@@ -280,7 +265,7 @@ pub struct FirewallConfig {
nft_config: BTreeMap<String, ListChain>,
sdn_config: Option<SdnConfig>,
ipam_config: Option<Ipam>,
- interface_mapping: InterfaceMapping,
+ interface_mapping: AltnameMapping,
}
impl FirewallConfig {
diff --git a/proxmox-firewall/tests/integration_tests.rs b/proxmox-firewall/tests/integration_tests.rs
index 69f9cc2..2c550eb 100644
--- a/proxmox-firewall/tests/integration_tests.rs
+++ b/proxmox-firewall/tests/integration_tests.rs
@@ -1,9 +1,9 @@
use anyhow::{Context, Error};
-use proxmox_ve_config::host::network::InterfaceMapping;
use std::collections::HashMap;
use proxmox_firewall::config::{FirewallConfig, FirewallConfigLoader, NftConfigLoader};
use proxmox_firewall::firewall::Firewall;
+use proxmox_network_api::AltnameMapping;
use proxmox_nftables::command::CommandOutput;
use proxmox_sys::nodename;
use proxmox_ve_config::guest::types::Vmid;
@@ -93,10 +93,8 @@ impl FirewallConfigLoader for MockFirewallConfigLoader {
Ok(None)
}
- fn interface_mapping(
- &self,
- ) -> Result<proxmox_ve_config::host::network::InterfaceMapping, Error> {
- Ok(InterfaceMapping::from_iter(vec![]))
+ fn interface_mapping(&self) -> Result<AltnameMapping, Error> {
+ Ok(AltnameMapping::from_iter(vec![]))
}
}
--
2.47.2
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2025-08-04 16:23 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-04 16:24 [pbs-devel] [PATCH proxmox{-ve-rs, , -backup, -firewall, -network-interface-pinning} v5 00/10] proxmox-network-interface-pinning Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox-ve-rs v5 1/1] host: network: move to proxmox-network-api Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox v5 1/3] pbs-api-types: use proxmox-network-api types Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox v5 2/3] proxmox-network-api: use ip link for querying interface information Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox v5 3/3] network-api: add rename_interfaces method Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox-backup v5 1/4] config: network: move to proxmox-network-api Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox-backup v5 2/4] metric_collection: use ip link for determining the type of interfaces Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox-backup v5 3/4] docs: add documentation for proxmox-network-interface-pinning Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox-backup v5 4/4] ui: show altnames Stefan Hanreich
2025-08-04 16:24 ` Stefan Hanreich [this message]
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox-network-interface-pinning v5 1/1] initial commit Stefan Hanreich
2025-08-05 10:34 ` [pbs-devel] applied-series: [PATCH proxmox{-ve-rs, , -backup, -firewall, -network-interface-pinning} v5 00/10] proxmox-network-interface-pinning Wolfgang Bumiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250804162448.607184-10-s.hanreich@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.