Avoid touching iptables config (BZ 517617)
by David Lutterkort
These patches make it so that netcf does not unnecessarily modify iptables
config. When /proc/sys/net/bridge/bridge-nf-call-iptables is 0, bridge
packets won't be seen by iptables, and there is no need to instruct
iptables to forward them.
Rather than always setting bridge-nf-call-iptables to 0, we do not modify
it; if it is set to 1 (which should be the rare exception on newer
installations), we still modify the iptables config. We assume that
bridge-nf-call-iptables was set to 1 for a good reason, and do not want to
force bridge packets to bypass iptables, because it is likely that iptables
does something meaningful in this case.
David
14 years, 8 months
Improved logic for finding ifcfg- files (BZ 512950)
by David Lutterkort
When we look for the ifcfg file for an interface DEV, we can't just blindly
take ifcfg-$DEV, since that might not exist, or even the ifcfg file with an
entry 'DEVICE=$DEV', since there might be multiple such files.
Instead, we need to follow the logic in need_config in
/etc/sysconfig/network-scripts/network-functions; that logic is
* ignore any ifcfg file whose extension matches __sed_discard_ignored_files
* if ifcfg-$DEV exists, use that
* get the MAC address of $DEV and find the ifcfg file with a
matching HWADDR= entry. If that exists, use it
* use an ifcfg-* file with entry DEVICE=$DEV (the first one that appears
when expanding hte glob ifcfg-*)
All this was sparked by BZ 512590, where danpb noticed that netcf stumbles
over editor backup files.
David
14 years, 8 months
[PATCH] Fix conversion of XML DOM's into strings
by David Lutterkort
We should not use xmlDocDumpFormatMemory to convert a DOM we got from
applying a stylesheet to a string; the proper API to use is
xsltSaveResultToString.
* src/dutil.h (apply_stylesheet_to_string): new function
* src/dutil.c (apply_stylesheet_to_string): new function
* src/dutil.c (dutil_get_aug, dutil_put_aug): use
apply_stylesheet_to_string
* src/drv_initscripts.c (drv_xml_desc): use apply_stylesheet_to_string
---
src/drv_initscripts.c | 6 +++---
src/dutil.c | 30 ++++++++++++++++++++++++------
src/dutil.h | 5 +++++
3 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/src/drv_initscripts.c b/src/drv_initscripts.c
index b9ef03c..3da9209 100644
--- a/src/drv_initscripts.c
+++ b/src/drv_initscripts.c
@@ -43,6 +43,7 @@
#include <libxslt/xslt.h>
#include <libxslt/xsltInternals.h>
#include <libxslt/transform.h>
+#include <libxslt/xsltutils.h>
static const char *const ifcfg_path =
"/files/etc/sysconfig/network-scripts/*";
@@ -498,10 +499,9 @@ char *drv_xml_desc(struct netcf_if *nif) {
ERR_BAIL(ncf);
aug_xml = aug_get_xml(ncf, nint, intf);
- ncf_xml = apply_stylesheet(ncf, ncf->driver->put, aug_xml);
- ERR_BAIL(ncf);
- xmlDocDumpFormatMemory(ncf_xml, (xmlChar **) &result, NULL, 1);
+ result = apply_stylesheet_to_string(ncf, ncf->driver->put, aug_xml);
+ ERR_BAIL(ncf);
done:
free_matches(nint, &intf);
diff --git a/src/dutil.c b/src/dutil.c
index 993f715..9c1481e 100644
--- a/src/dutil.c
+++ b/src/dutil.c
@@ -238,6 +238,28 @@ error:
xsltFreeTransformContext(ctxt);
return res;
}
+
+char *apply_stylesheet_to_string(struct netcf *ncf, xsltStylesheetPtr style,
+ xmlDocPtr doc) {
+ xmlDocPtr doc_xfm = NULL;
+ char *result = NULL;
+ int r, result_len;
+
+ doc_xfm = apply_stylesheet(ncf, style, doc);
+ ERR_BAIL(ncf);
+
+ r = xsltSaveResultToString((xmlChar **) &result, &result_len,
+ doc_xfm, style);
+ ERR_COND_BAIL(r < 0, ncf, ENOMEM);
+ xmlFree(doc_xfm);
+ return result;
+
+ error:
+ FREE(result);
+ xmlFreeDoc(doc_xfm);
+ return NULL;
+}
+
/* Callback for reporting RelaxNG errors */
void rng_error(void *ctx, const char *format, ...) {
struct netcf *ncf = ctx;
@@ -392,11 +414,9 @@ int dutil_get_aug(struct netcf *ncf, const char *ncf_xml, char **aug_xml) {
rng_validate(ncf, ncf_doc);
ERR_BAIL(ncf);
- aug_doc = apply_stylesheet(ncf, ncf->driver->get, ncf_doc);
+ *aug_xml = apply_stylesheet_to_string(ncf, ncf->driver->get, ncf_doc);
ERR_BAIL(ncf);
- xmlDocDumpFormatMemory(aug_doc, (xmlChar **) aug_xml, NULL, 1);
- ERR_COND_BAIL(*aug_xml == NULL, ncf, EXMLINVALID);
/* fallthrough intentional */
result = 0;
error:
@@ -413,11 +433,9 @@ int dutil_put_aug(struct netcf *ncf, const char *aug_xml, char **ncf_xml) {
aug_doc = parse_xml(ncf, aug_xml);
ERR_BAIL(ncf);
- ncf_doc = apply_stylesheet(ncf, ncf->driver->put, aug_doc);
+ *ncf_xml = apply_stylesheet_to_string(ncf, ncf->driver->put, aug_doc);
ERR_BAIL(ncf);
- xmlDocDumpFormatMemory(ncf_doc, (xmlChar **) ncf_xml, NULL, 1);
- ERR_COND_BAIL(*ncf_xml == NULL, ncf, EXMLINVALID);
/* fallthrough intentional */
result = 0;
error:
diff --git a/src/dutil.h b/src/dutil.h
index fbf11fb..38aec5f 100644
--- a/src/dutil.h
+++ b/src/dutil.h
@@ -68,6 +68,11 @@ xsltStylesheetPtr parse_stylesheet(struct netcf *ncf, const char *fname);
xmlDocPtr apply_stylesheet(struct netcf *ncf, xsltStylesheetPtr style,
xmlDocPtr doc);
+/* Same as APPLY_STYLESHEET, but convert the resulting XML document into a
+ * string */
+char *apply_stylesheet_to_string(struct netcf *ncf, xsltStylesheetPtr style,
+ xmlDocPtr doc);
+
/* Callback for reporting RelaxNG errors */
void rng_error(void *ctx, const char *format, ...);
--
1.6.2.5
14 years, 8 months
New to netcf - lots of questions
by James Masson
Hi list,
I've been playing with netcf for about a day now, and have loads of questions, if this isn't the
right place to ask, let me know.
At Tradefair, we have our own in house developed network scripts to assemble network connections in
more complicated arrangements than the RHEL 5 network scripts will allow.
Now, the questions....
1) We've heard that netcf will possibly be in RHEL 6, and would like to replace our custom scripts
for something that hopefully will become mainline. - Is it likely netcf will be in RHEL 6?
2) The (limited) documentation, and my testing seems to imply that netcf uses the distribution's
native network configuration files to assemble the network - is this true? Can you assemble network
configurations with netcf that you couldn't with the native scripts alone?
3) The documented configuration examples are fairly limited, and I'm reduced to dumping the
configuration of existing bond/bridge/vlan'd networks to try to figure out how to construct some of
configurations I want. Could you provide an example for the configuration below?
eth5 --\ ---bond0.51 ------ xenbr51
\ /
\___bond0__/
/ \
/ \
eth9 --/ ---bond0.61 ------ xenbr61
regards
James Masson
14 years, 8 months