From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-firewall v5 1/1] firewall: config: use proxmox-network-api
Date: Mon, 4 Aug 2025 18:24:43 +0200 [thread overview]
Message-ID: <20250804162448.607184-10-s.hanreich@proxmox.com> (raw)
In-Reply-To: <20250804162448.607184-1-s.hanreich@proxmox.com>
proxmox-network-api now provides functions for obtaining the network
interface information directly. Adapt the firewall to use the function
from proxmox-network-api instead.
The name of InterfaceMapping has changed during this, so adapt the
firewall to use the new name for the struct.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
proxmox-firewall/Cargo.toml | 3 +-
proxmox-firewall/src/config.rs | 33 ++++++---------------
proxmox-firewall/tests/integration_tests.rs | 8 ++---
3 files changed, 14 insertions(+), 30 deletions(-)
diff --git a/proxmox-firewall/Cargo.toml b/proxmox-firewall/Cargo.toml
index f7ef47e..2f247c3 100644
--- a/proxmox-firewall/Cargo.toml
+++ b/proxmox-firewall/Cargo.toml
@@ -21,8 +21,9 @@ serde_json = "1"
signal-hook = "0.3"
proxmox-log = "1"
-proxmox-nftables = { path = "../proxmox-nftables", features = ["config-ext"] }
proxmox-network-types = { workspace = true }
+proxmox-network-api = { version = "1", features = [ "impl" ] }
+proxmox-nftables = { path = "../proxmox-nftables", features = ["config-ext"] }
proxmox-ve-config = { workspace = true }
[dev-dependencies]
diff --git a/proxmox-firewall/src/config.rs b/proxmox-firewall/src/config.rs
index 6e357a1..d6a4df5 100644
--- a/proxmox-firewall/src/config.rs
+++ b/proxmox-firewall/src/config.rs
@@ -3,7 +3,7 @@ use std::default::Default;
use std::fs::{self, DirEntry, File, ReadDir};
use std::io::{self, BufReader};
-use anyhow::{Context, Error, bail, format_err};
+use anyhow::{bail, format_err, Context, Error};
use proxmox_log as log;
@@ -15,13 +15,12 @@ use proxmox_ve_config::firewall::types::alias::{Alias, AliasName, AliasScope};
use proxmox_ve_config::guest::types::Vmid;
use proxmox_ve_config::guest::{GuestEntry, GuestMap};
-use proxmox_ve_config::host::network::InterfaceMapping;
-use proxmox_ve_config::host::network::IpLink;
use proxmox_ve_config::host::types::BridgeName;
-use proxmox_nftables::NftClient;
+use proxmox_network_api::{get_network_interfaces, AltnameMapping};
use proxmox_nftables::command::{CommandOutput, Commands, List, ListOutput};
use proxmox_nftables::types::ListChain;
+use proxmox_nftables::NftClient;
use proxmox_ve_config::sdn::{
config::{RunningConfig, SdnConfig},
ipam::{Ipam, IpamJson},
@@ -44,7 +43,7 @@ pub trait FirewallConfigLoader {
&self,
bridge_name: &BridgeName,
) -> Result<Option<Box<dyn io::BufRead>>, Error>;
- fn interface_mapping(&self) -> Result<InterfaceMapping, Error>;
+ fn interface_mapping(&self) -> Result<AltnameMapping, Error>;
}
#[derive(Default)]
@@ -227,24 +226,10 @@ impl FirewallConfigLoader for PveFirewallConfigLoader {
Ok(None)
}
- fn interface_mapping(&self) -> Result<InterfaceMapping, Error> {
- let output = std::process::Command::new("ip")
- .arg("-details")
- .arg("-json")
- .arg("link")
- .arg("show")
- .stdout(std::process::Stdio::piped())
- .output()
- .with_context(|| "could not obtain ip link output")?;
-
- if !output.status.success() {
- bail!("ip link returned non-zero exit code")
- }
-
- Ok(serde_json::from_slice::<Vec<IpLink>>(&output.stdout)
- .with_context(|| "could not deserialize ip link output")?
- .into_iter()
- .collect())
+ fn interface_mapping(&self) -> Result<AltnameMapping, Error> {
+ Ok(AltnameMapping::from_iter(
+ get_network_interfaces()?.into_values(),
+ ))
}
}
@@ -280,7 +265,7 @@ pub struct FirewallConfig {
nft_config: BTreeMap<String, ListChain>,
sdn_config: Option<SdnConfig>,
ipam_config: Option<Ipam>,
- interface_mapping: InterfaceMapping,
+ interface_mapping: AltnameMapping,
}
impl FirewallConfig {
diff --git a/proxmox-firewall/tests/integration_tests.rs b/proxmox-firewall/tests/integration_tests.rs
index 69f9cc2..2c550eb 100644
--- a/proxmox-firewall/tests/integration_tests.rs
+++ b/proxmox-firewall/tests/integration_tests.rs
@@ -1,9 +1,9 @@
use anyhow::{Context, Error};
-use proxmox_ve_config::host::network::InterfaceMapping;
use std::collections::HashMap;
use proxmox_firewall::config::{FirewallConfig, FirewallConfigLoader, NftConfigLoader};
use proxmox_firewall::firewall::Firewall;
+use proxmox_network_api::AltnameMapping;
use proxmox_nftables::command::CommandOutput;
use proxmox_sys::nodename;
use proxmox_ve_config::guest::types::Vmid;
@@ -93,10 +93,8 @@ impl FirewallConfigLoader for MockFirewallConfigLoader {
Ok(None)
}
- fn interface_mapping(
- &self,
- ) -> Result<proxmox_ve_config::host::network::InterfaceMapping, Error> {
- Ok(InterfaceMapping::from_iter(vec![]))
+ fn interface_mapping(&self) -> Result<AltnameMapping, Error> {
+ Ok(AltnameMapping::from_iter(vec![]))
}
}
--
2.47.2
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2025-08-04 16:23 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-04 16:24 [pbs-devel] [PATCH proxmox{-ve-rs, , -backup, -firewall, -network-interface-pinning} v5 00/10] proxmox-network-interface-pinning Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox-ve-rs v5 1/1] host: network: move to proxmox-network-api Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox v5 1/3] pbs-api-types: use proxmox-network-api types Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox v5 2/3] proxmox-network-api: use ip link for querying interface information Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox v5 3/3] network-api: add rename_interfaces method Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox-backup v5 1/4] config: network: move to proxmox-network-api Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox-backup v5 2/4] metric_collection: use ip link for determining the type of interfaces Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox-backup v5 3/4] docs: add documentation for proxmox-network-interface-pinning Stefan Hanreich
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox-backup v5 4/4] ui: show altnames Stefan Hanreich
2025-08-04 16:24 ` Stefan Hanreich [this message]
2025-08-04 16:24 ` [pbs-devel] [PATCH proxmox-network-interface-pinning v5 1/1] initial commit Stefan Hanreich
2025-08-05 10:34 ` [pbs-devel] applied-series: [PATCH proxmox{-ve-rs, , -backup, -firewall, -network-interface-pinning} v5 00/10] proxmox-network-interface-pinning Wolfgang Bumiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250804162448.607184-10-s.hanreich@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox