From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id BE0501FF185 for ; Mon, 4 Aug 2025 18:23:28 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C2A6B369DD; Mon, 4 Aug 2025 18:24:56 +0200 (CEST) From: Stefan Hanreich To: pbs-devel@lists.proxmox.com Date: Mon, 4 Aug 2025 18:24:43 +0200 Message-ID: <20250804162448.607184-10-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250804162448.607184-1-s.hanreich@proxmox.com> References: <20250804162448.607184-1-s.hanreich@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.191 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Subject: [pbs-devel] [PATCH proxmox-firewall v5 1/1] firewall: config: use proxmox-network-api X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" proxmox-network-api now provides functions for obtaining the network interface information directly. Adapt the firewall to use the function from proxmox-network-api instead. The name of InterfaceMapping has changed during this, so adapt the firewall to use the new name for the struct. Signed-off-by: Stefan Hanreich --- proxmox-firewall/Cargo.toml | 3 +- proxmox-firewall/src/config.rs | 33 ++++++--------------- proxmox-firewall/tests/integration_tests.rs | 8 ++--- 3 files changed, 14 insertions(+), 30 deletions(-) diff --git a/proxmox-firewall/Cargo.toml b/proxmox-firewall/Cargo.toml index f7ef47e..2f247c3 100644 --- a/proxmox-firewall/Cargo.toml +++ b/proxmox-firewall/Cargo.toml 
@@ -21,8 +21,9 @@ serde_json = "1" signal-hook = "0.3" proxmox-log = "1" -proxmox-nftables = { path = "../proxmox-nftables", features = ["config-ext"] } proxmox-network-types = { workspace = true } +proxmox-network-api = { version = "1", features = [ "impl" ] } +proxmox-nftables = { path = "../proxmox-nftables", features = ["config-ext"] } proxmox-ve-config = { workspace = true } [dev-dependencies] diff --git a/proxmox-firewall/src/config.rs b/proxmox-firewall/src/config.rs index 6e357a1..d6a4df5 100644 --- a/proxmox-firewall/src/config.rs +++ b/proxmox-firewall/src/config.rs @@ -3,7 +3,7 @@ use std::default::Default; use std::fs::{self, DirEntry, File, ReadDir}; use std::io::{self, BufReader}; -use anyhow::{Context, Error, bail, format_err}; +use anyhow::{bail, format_err, Context, Error}; use proxmox_log as log; @@ -15,13 +15,12 @@ use proxmox_ve_config::firewall::types::alias::{Alias, AliasName, AliasScope}; use proxmox_ve_config::guest::types::Vmid; use proxmox_ve_config::guest::{GuestEntry, GuestMap}; -use proxmox_ve_config::host::network::InterfaceMapping; -use proxmox_ve_config::host::network::IpLink; use proxmox_ve_config::host::types::BridgeName; -use proxmox_nftables::NftClient; +use proxmox_network_api::{get_network_interfaces, AltnameMapping}; use proxmox_nftables::command::{CommandOutput, Commands, List, ListOutput}; use proxmox_nftables::types::ListChain; +use proxmox_nftables::NftClient; use proxmox_ve_config::sdn::{ config::{RunningConfig, SdnConfig}, ipam::{Ipam, IpamJson}, @@ -44,7 +43,7 @@ pub trait FirewallConfigLoader { &self, bridge_name: &BridgeName, ) -> Result>, Error>; - fn interface_mapping(&self) -> Result; + fn interface_mapping(&self) -> Result; } #[derive(Default)] 
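Review bot: The added `proxmox-network-api` line in the Cargo.toml hunk enables the `impl` feature without saying why, and it writes the feature list as `[ "impl" ]` while the `proxmox-nftables` line next to it uses `["config-ext"]` with no inner spaces. A one-line comment above the dependency would help whoever later audits what this daemon links against, for example `# "impl" is needed for get_network_interfaces() in src/config.rs`. That the feature gates this function is inferred from the import added in the config.rs hunk, so confirm it before committing the comment. Formatting the list as `features = ["impl"]` would match the surrounding entries.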
@@ -227,24 +226,10 @@ impl FirewallConfigLoader for PveFirewallConfigLoader { Ok(None) } - fn interface_mapping(&self) -> Result { - let output = std::process::Command::new("ip") - .arg("-details") - .arg("-json") - .arg("link") - .arg("show") - .stdout(std::process::Stdio::piped()) - .output() - .with_context(|| "could not obtain ip link output")?; - - if !output.status.success() { - bail!("ip link returned non-zero exit code") - } - - Ok(serde_json::from_slice::>(&output.stdout) - .with_context(|| "could not deserialize ip link output")? - .into_iter() - .collect()) + fn interface_mapping(&self) -> Result { + Ok(AltnameMapping::from_iter( + get_network_interfaces()?.into_values(), + )) } } @@ -280,7 +265,7 @@ pub struct FirewallConfig { nft_config: BTreeMap, sdn_config: Option, ipam_config: Option, - interface_mapping: InterfaceMapping, + interface_mapping: AltnameMapping, } impl FirewallConfig { diff --git a/proxmox-firewall/tests/integration_tests.rs b/proxmox-firewall/tests/integration_tests.rs index 69f9cc2..2c550eb 100644 --- a/proxmox-firewall/tests/integration_tests.rs +++ b/proxmox-firewall/tests/integration_tests.rs @@ -1,9 +1,9 @@ use anyhow::{Context, Error}; -use proxmox_ve_config::host::network::InterfaceMapping; use std::collections::HashMap; use proxmox_firewall::config::{FirewallConfig, FirewallConfigLoader, NftConfigLoader}; use proxmox_firewall::firewall::Firewall; +use proxmox_network_api::AltnameMapping; use proxmox_nftables::command::CommandOutput; use proxmox_sys::nodename; use proxmox_ve_config::guest::types::Vmid; @@ -93,10 +93,8 @@ impl FirewallConfigLoader for MockFirewallConfigLoader { Ok(None) } - fn interface_mapping( - &self, - ) -> Result { - Ok(InterfaceMapping::from_iter(vec![])) + fn interface_mapping(&self) -> Result { + Ok(AltnameMapping::from_iter(vec![])) } } -- 2.47.2 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
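Review bot: The new `interface_mapping` body in the `@@ -227,24 +226,10 @@` hunk propagates a failure of `get_network_interfaces()?` with no context. The removed code labelled each failure (`could not obtain ip link output`, `could not deserialize ip link output`), so an operator reading the firewall log loses the hint about which step of config loading broke. `Context` is still imported in the first config.rs hunk, so the call can become `get_network_interfaces().with_context(|| "could not obtain network interfaces")?.into_values(),`. How callers react to this error is outside the hunk, so it is worth confirming that a failed lookup keeps the previous ruleset rather than applying rules built without altname resolution. The mock loader in the last hunk of tests/integration_tests.rs still returns an empty `AltnameMapping`, so no test visible here exercises a non-empty mapping through the new type.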