[Xen-devel] [PATCH RFC 1/2] hotplug/linux: Break out frob_iptable_command, and improve logging

[Ian Jackson <ian.jackson@xxxxxxxxxxxxx>]

Move the actual execution of `iptable' into a new function which
captures the stderr, and logs it.  The actual `iptables' command is a
parameter to `frob_iptable_command' so that in future we can reuse
this subroutine for `ip6tables'.

No functional change other than to log messages.

Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
---
 tools/hotplug/Linux/vif-common.sh | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/tools/hotplug/Linux/vif-common.sh 
b/tools/hotplug/Linux/vif-common.sh
index 77d139d..20cb6a7 100644
--- a/tools/hotplug/Linux/vif-common.sh
+++ b/tools/hotplug/Linux/vif-common.sh
@@ -120,8 +120,10 @@ fi
 ip=${ip:-}
 ip=$(xenstore_read_default "$XENBUS_PATH/ip" "$ip")
 
-frob_iptable()
+frob_iptable_command()
 {
+  local iptables=$1; shift
+
   if [ "$command" == "online" -o "$command" == "add" ]
   then
     local c="-I"
@@ -129,17 +131,21 @@ frob_iptable()
     local c="-D"
   fi
 
-  iptables "$c" FORWARD -w $dev_in_match "$dev" \
-    "$@" -j ACCEPT 2>/dev/null &&
-  iptables "$c" FORWARD -w $dev_out_match "$dev" \
-    -j ACCEPT 2>/dev/null
-
+  local errormsg=$("$iptables" "$c" "$@" 2>&1)
   if [ \( "$command" == "online" -o "$command" == "add" \) -a $? -ne 0 ]
   then
-    log err "iptables setup failed. This may affect guest networking."
+    log err "iptables setup failed. This may affect guest networking. 
($iptables $c $*: $errormsg)"
   fi
 }
 
+frob_iptable()
+{
+  frob_iptable_command iptables FORWARD -w $dev_in_match "$dev" \
+    "$@" -j ACCEPT 2>/dev/null
+  frob_iptable_command iptables FORWARD -w $dev_out_match "$dev" \
+    -j ACCEPT 2>/dev/null
+}
+
 
 ##
 # Add or remove the appropriate entries in the iptables.  With antispoofing
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel