Beispiel #1
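//!
//! Rebuilds the ebtables atomic files for the "filter" and "nat" tables from
//! the handler's in-memory state and returns the result of ebt_system_restore().
//!
//! Both atomic files are first reset with --atomic-init. Then, for each table
//! named "filter" or "nat", every referenced chain that is not one of the five
//! standard chains is created with -N, and every rule of every referenced chain
//! is appended with -A. Chains named "EMPTY" or with a zero ref_count are skipped.
//!
//! @param[in] ebth pointer to the EB table handler structure
//!
//! @return 1 if ebth is NULL or not initialized, or if an --atomic-init command
//!         cannot be built or fails; otherwise the value returned by
//!         ebt_system_restore(ebth).
//!
//! @see ebt_handler_update_refcounts(), ebt_system_restore()
//!
//! @note Every command is handed to system(), so a shell parses it. cmdprefix,
//!       the atomic file paths, chain names and rule text are interpolated
//!       unquoted: any shell metacharacter in them becomes shell syntax. These
//!       fields must only ever hold trusted, validated values; an argv-based
//!       exec would remove the shell from the path entirely.
//!
//! @note A failing -N or -A command is logged but does not stop the deploy, so
//!       ebt_system_restore() can be reached with an incomplete rule set.
//!       NOTE(review): confirm that committing a partial filter is acceptable.
//!
int ebt_handler_deploy(ebt_handler * ebth)
{
    int i = 0;
    int j = 0;
    int k = 0;
    int n = 0;
    int rc = 0;
    int status = 0;
    const char *atomic_file = NULL;
    const char *chain = NULL;
    char cmd[EUCA_MAX_PATH] = "";

    if (!ebth || !ebth->init) {
        return (1);
    }

    ebt_handler_update_refcounts(ebth);

    n = snprintf(cmd, sizeof(cmd), "%s ebtables --atomic-file %s -t filter --atomic-init", ebth->cmdprefix, ebth->ebt_filter_file);
    if (n < 0 || (size_t)n >= sizeof(cmd)) {
        // A truncated command line is a different command; never hand it to the shell.
        LOGERROR("ebtables command too long, not executed '%s'\n", cmd);
        return (1);
    }
    // Test the raw status: shifting first would turn "killed by a signal" into exit code 0.
    status = system(cmd);
    if (status != 0) {
        LOGERROR("ebtables-save failed '%s'\n", cmd);
        return (1);
    }

    n = snprintf(cmd, sizeof(cmd), "%s ebtables --atomic-file %s -t nat --atomic-init", ebth->cmdprefix, ebth->ebt_nat_file);
    if (n < 0 || (size_t)n >= sizeof(cmd)) {
        LOGERROR("ebtables command too long, not executed '%s'\n", cmd);
        return (1);
    }
    status = system(cmd);
    if (status != 0) {
        LOGERROR("ebtables-save failed '%s'\n", cmd);
        return (1);
    }

    for (i = 0; i < ebth->max_tables; i++) {
        // Only "filter" and "nat" have an atomic file. Any other table is skipped;
        // previously the stale contents of cmd were executed again for it.
        if (!strcmp(ebth->tables[i].name, "filter")) {
            atomic_file = ebth->ebt_filter_file;
        } else if (!strcmp(ebth->tables[i].name, "nat")) {
            atomic_file = ebth->ebt_nat_file;
        } else {
            continue;
        }

        // Pass 1: create every referenced chain that is not a standard one.
        for (j = 0; j < ebth->tables[i].max_chains; j++) {
            chain = ebth->tables[i].chains[j].name;
            if (!strcmp(chain, "EMPTY") || !ebth->tables[i].chains[j].ref_count) {
                continue;
            }
            // The five standard chain names are never created with -N.
            if (!strcmp(chain, "INPUT") || !strcmp(chain, "OUTPUT") || !strcmp(chain, "FORWARD")
                || !strcmp(chain, "PREROUTING") || !strcmp(chain, "POSTROUTING")) {
                continue;
            }

            n = snprintf(cmd, sizeof(cmd), "%s ebtables --atomic-file %s -t %s -N %s", ebth->cmdprefix, atomic_file, ebth->tables[i].name, chain);
            if (n < 0 || (size_t)n >= sizeof(cmd)) {
                LOGERROR("command too long, not executed: table=%s chain=%s\n", ebth->tables[i].name, chain);
                continue;
            }
            status = system(cmd);
            rc = status >> 8;
            LOGTRACE("executed command (exit=%d): %s\n", rc, cmd);
            if (status != 0) {
                // When the exit byte is 0 but the status is not (signal, or system() itself
                // failed), report the raw status rather than a misleading 0.
                LOGERROR("command failed: exitcode=%d command=%s\n", rc ? rc : status, cmd);
            }
        }

        // Pass 2: append the rules of every referenced chain, standard chains included.
        for (j = 0; j < ebth->tables[i].max_chains; j++) {
            chain = ebth->tables[i].chains[j].name;
            if (!strcmp(chain, "EMPTY") || !ebth->tables[i].chains[j].ref_count) {
                continue;
            }
            for (k = 0; k < ebth->tables[i].chains[j].max_rules; k++) {
                n = snprintf(cmd, sizeof(cmd), "%s ebtables --atomic-file %s -t %s -A %s %s", ebth->cmdprefix, atomic_file, ebth->tables[i].name,
                             chain, ebth->tables[i].chains[j].rules[k].ebtrule);
                if (n < 0 || (size_t)n >= sizeof(cmd)) {
                    // A rule cut off mid-way could match more traffic than intended; drop it instead.
                    LOGERROR("command too long, not executed: table=%s chain=%s rule=%d\n", ebth->tables[i].name, chain, k);
                    continue;
                }
                status = system(cmd);
                rc = status >> 8;
                LOGTRACE("executed command (exit=%d): %s\n", rc, cmd);
                if (status != 0) {
                    LOGERROR("command failed: exitcode=%d command=%s\n", rc ? rc : status, cmd);
                }
            }
        }
    }
    return (ebt_system_restore(ebth));
}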
Beispiel #2
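/**
 * Dumps the ebtables handler state to the atomic files and returns the result
 * of ebt_system_restore().
 *
 * The handler is first re-initialized with its own command prefix while its
 * table array is preserved. Both atomic files are then reset with
 * --atomic-init, and for each table named "filter" or "nat" every referenced
 * non-standard chain is created (-N) and every rule of every referenced chain
 * is appended (-A). Other tables are skipped.
 *
 * Security notes:
 *  - The two --atomic-init calls use euca_execlp() with separate arguments.
 *    The -N / -A commands are still formatted into one string for euca_exec();
 *    chain names and rule text are interpolated unquoted, so they must only
 *    hold trusted, validated values. NOTE(review): how euca_exec() parses that
 *    string is not visible here - confirm it does not go through a shell.
 *  - A failing -N / -A command is logged but does not stop the deploy, so the
 *    restore step can be reached with an incomplete rule set.
 *
 * @param ebth [in] pointer to the EB table handler structure
 *
 * @return 1 if ebth is NULL or not initialized, if the command prefix cannot be
 *         duplicated, or if an --atomic-init command fails; otherwise the value
 *         returned by ebt_system_restore(ebth).
 */
int ebt_handler_deploy(ebt_handler *ebth) {
    int i = 0;
    int j = 0;
    int k = 0;
    int n = 0;
    const char *atomic_file = NULL;
    const char *chain = NULL;
    char cmd[EUCA_MAX_PATH] = "";

    if (!ebth || !ebth->init) {
        return (1);
    }

    // Create tmp files as non-root
    char *strptr = strdup(ebth->cmdprefix);
    if (!strptr) {
        // Do not re-initialize the handler with a NULL prefix.
        LOGERROR("out of memory duplicating command prefix\n");
        return (1);
    }
    // The table array is saved and put back around the re-init, presumably because
    // ebt_handler_init() resets the structure - TODO confirm against its definition.
    ebt_table *tablesbak = ebth->tables;
    int maxtablesbak = ebth->max_tables;
    // NOTE(review): the result of ebt_handler_init() is not checked; if it can fail,
    // the atomic file paths used below may not be valid.
    ebt_handler_init(ebth, strptr);
    ebth->tables = tablesbak;
    ebth->max_tables = maxtablesbak;
    EUCA_FREE(strptr);

    ebt_handler_update_refcounts(ebth);

    if (euca_execlp(NULL, ebth->cmdprefix, "ebtables", "--atomic-file", ebth->ebt_filter_file, "-t", "filter", "--atomic-init", NULL) != EUCA_OK) {
        LOGERROR("ebtables-save failed\n");
        return (1);
    }

    if (euca_execlp(NULL, ebth->cmdprefix, "ebtables", "--atomic-file", ebth->ebt_nat_file, "-t", "nat", "--atomic-init", NULL) != EUCA_OK) {
        LOGERROR("ebtables-save failed\n");
        return (1);
    }

    for (i = 0; i < ebth->max_tables; i++) {
        ebt_table *table = &ebth->tables[i];

        // Only "filter" and "nat" have an atomic file; nothing is run for other tables.
        if (!strcmp(table->name, "filter")) {
            atomic_file = ebth->ebt_filter_file;
        } else if (!strcmp(table->name, "nat")) {
            atomic_file = ebth->ebt_nat_file;
        } else {
            continue;
        }

        // Pass 1: create every referenced chain that is not a standard one.
        for (j = 0; j < table->max_chains; j++) {
            chain = table->chains[j].name;
            if (!strcmp(chain, "EMPTY") || !table->chains[j].ref_count) {
                continue;
            }
            // The five standard chain names are never created with -N.
            if (!strcmp(chain, "INPUT") || !strcmp(chain, "OUTPUT") || !strcmp(chain, "FORWARD")
                || !strcmp(chain, "PREROUTING") || !strcmp(chain, "POSTROUTING")) {
                continue;
            }

            n = snprintf(cmd, sizeof(cmd), "%s ebtables --atomic-file %s -t %s -N %s", ebth->cmdprefix, atomic_file, table->name, chain);
            if (n < 0 || (size_t)n >= sizeof(cmd)) {
                // A truncated command line is a different command; do not execute it.
                LOGERROR("command too long, not executed: table=%s chain=%s\n", table->name, chain);
                continue;
            }
            if (euca_exec(cmd) != EUCA_OK) {
                LOGERROR("command failed: command=%s\n", cmd);
            }
        }

        // Pass 2: append the rules of every referenced chain, standard chains included.
        for (j = 0; j < table->max_chains; j++) {
            chain = table->chains[j].name;
            if (!strcmp(chain, "EMPTY") || !table->chains[j].ref_count) {
                continue;
            }
            for (k = 0; k < table->chains[j].max_rules; k++) {
                n = snprintf(cmd, sizeof(cmd), "%s ebtables --atomic-file %s -t %s -A %s %s", ebth->cmdprefix, atomic_file, table->name,
                             chain, table->chains[j].rules[k].ebtrule);
                if (n < 0 || (size_t)n >= sizeof(cmd)) {
                    // A rule cut off mid-way could match more traffic than intended; drop it instead.
                    LOGERROR("command too long, not executed: table=%s chain=%s rule=%d\n", table->name, chain, k);
                    continue;
                }
                if (euca_exec(cmd) != EUCA_OK) {
                    LOGERROR("command failed: command=%s\n", cmd);
                }
            }
        }
    }
    return (ebt_system_restore(ebth));
}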