Extend nspawn so it can keep track of one ipv4 and one ipv6 address.
#include "sd-netlink.h"
+#include "af-list.h"
#include "alloc-util.h"
#include "fd-util.h"
#include "firewall-util.h"
}
}
-int expose_port_flush(FirewallContext **fw_ctx, ExposePort* l, union in_addr_union *exposed) {
+int expose_port_flush(FirewallContext **fw_ctx, ExposePort* l, int af, union in_addr_union *exposed) {
ExposePort *p;
- int r, af = AF_INET;
+ int r;
assert(exposed);
p->container_port,
NULL);
if (r < 0)
- log_warning_errno(r, "Failed to modify firewall: %m");
+ log_warning_errno(r, "Failed to modify %s firewall: %m", af_to_name(af));
}
*exposed = IN_ADDR_NULL;
return 0;
}
-int expose_port_execute(sd_netlink *rtnl, FirewallContext **fw_ctx, ExposePort *l, union in_addr_union *exposed) {
+int expose_port_execute(sd_netlink *rtnl, FirewallContext **fw_ctx, ExposePort *l, int af, union in_addr_union *exposed) {
_cleanup_free_ struct local_address *addresses = NULL;
union in_addr_union new_exposed;
ExposePort *p;
bool add;
- int af = AF_INET, r;
+ int r;
assert(exposed);
addresses[0].scope < RT_SCOPE_LINK;
if (!add)
- return expose_port_flush(fw_ctx, l, exposed);
+ return expose_port_flush(fw_ctx, l, af, exposed);
new_exposed = addresses[0].address;
if (in_addr_equal(af, exposed, &new_exposed))
p->container_port,
in_addr_is_null(af, exposed) ? NULL : exposed);
if (r < 0)
- log_warning_errno(r, "Failed to modify firewall: %m");
+ log_warning_errno(r, "Failed to modify %s firewall: %m", af_to_name(af));
}
*exposed = new_exposed;
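Review bot: Neither expose_port_flush() nor expose_port_execute() validates the new af argument, although both dispatch on it through in_addr_equal(), in_addr_is_null() and af_to_name(); adding `assert(IN_SET(af, AF_INET, AF_INET6));` beside the existing `assert(exposed);` in each function would catch a caller passing any other family before it reaches the firewall code. If af_to_name() can return NULL for a family it does not know, the `%s` in the two new log_warning_errno() calls would also be handed a null pointer, which is another reason to reject unexpected values up front. Both function bodies continue outside the visible hunks, so the address lookup and the firewall call that consume af could not be checked here.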
int expose_port_watch_rtnl(sd_event *event, int recv_fd, sd_netlink_message_handler_t handler, void *userdata, sd_netlink **ret);
int expose_port_send_rtnl(int send_fd);
-int expose_port_execute(sd_netlink *rtnl, FirewallContext **fw_ctx, ExposePort *l, union in_addr_union *exposed);
-int expose_port_flush(FirewallContext **fw_ctx, ExposePort* l, union in_addr_union *exposed);
+int expose_port_execute(sd_netlink *rtnl, FirewallContext **fw_ctx, ExposePort *l, int af, union in_addr_union *exposed);
+int expose_port_flush(FirewallContext **fw_ctx, ExposePort* l, int af, union in_addr_union *exposed);
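Review bot: The new af parameter and the changed meaning of exposed are not documented in the header, which is where callers will look. A short comment above the two prototypes would do, e.g. `/* af is AF_INET or AF_INET6; *exposed is the caller's record of the address of that family last handed to the firewall, reset to IN_ADDR_NULL by expose_port_flush() */`. The two prototypes should otherwise stay as written since they mirror the definitions in nspawn-expose-ports.c.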
}
struct ExposeArgs {
- union in_addr_union address;
+ union in_addr_union address4;
+ union in_addr_union address6;
struct FirewallContext *fw_ctx;
};
assert(m);
assert(args);
- expose_port_execute(rtnl, &args->fw_ctx, arg_expose_ports, &args->address);
+ expose_port_execute(rtnl, &args->fw_ctx, arg_expose_ports, AF_INET, &args->address4);
+ expose_port_execute(rtnl, &args->fw_ctx, arg_expose_ports, AF_INET6, &args->address6);
return 0;
}
if (r < 0)
return r;
- (void) expose_port_execute(rtnl, &expose_args->fw_ctx, arg_expose_ports, &expose_args->address);
+ (void) expose_port_execute(rtnl, &expose_args->fw_ctx, arg_expose_ports, AF_INET, &expose_args->address4);
+ (void) expose_port_execute(rtnl, &expose_args->fw_ctx, arg_expose_ports, AF_INET6, &expose_args->address6);
}
rtnl_socket_pair[0] = safe_close(rtnl_socket_pair[0]);
return 0; /* finito */
}
- expose_port_flush(&expose_args->fw_ctx, arg_expose_ports, &expose_args->address);
+ expose_port_flush(&expose_args->fw_ctx, arg_expose_ports, AF_INET, &expose_args->address4);
+ expose_port_flush(&expose_args->fw_ctx, arg_expose_ports, AF_INET6, &expose_args->address6);
(void) remove_veth_links(veth_name, arg_network_veth_extra);
*veth_created = false;
(void) rm_rf(p, REMOVE_ROOT);
}
- expose_port_flush(&fw_ctx, arg_expose_ports, &expose_args.address);
+ expose_port_flush(&fw_ctx, arg_expose_ports, AF_INET, &expose_args.address4);
+ expose_port_flush(&fw_ctx, arg_expose_ports, AF_INET6, &expose_args.address6);
if (veth_created)
(void) remove_veth_links(veth_name, arg_network_veth_extra);
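Review bot: The initialisation of expose_args is outside the hunk, and expose_port_execute() reads `*exposed` through in_addr_equal() and in_addr_is_null() before it ever assigns it, so the new address6 field must start as IN_ADDR_NULL just like address4 did; confirm the struct is zero-initialised at its definition. The two new fields also carry no comment; proposing `union in_addr_union address4; /* IPv4 address currently exposed, IN_ADDR_NULL if none */` and the same wording for address6 would make the per-family split self-explanatory. Finally, the new call pairs are inconsistent about discarding return values: the rtnl handler and both expose_port_flush() sites drop them bare while the veth-path call casts to (void), and one form should be used throughout.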