authorBoris Kolpackov <boris@codesynthesis.com>2017-04-29 15:14:33 +0200
committerBoris Kolpackov <boris@codesynthesis.com>2017-04-29 15:14:33 +0200
commit1364413cee696ff60f4dd1e3ac1eb281ac7a4e8f (patch)
treee29faeca957ef381d4c2ccbda67dce90fe3e3e01 /bbot/machine.cxx
parentdb938098044fc5fb76fcdfbec2a28d232028aa51 (diff)
Use fixed TFTP ports for robustness
This way we can clean up old iptables entries in case of crash/termination
Diffstat (limited to 'bbot/machine.cxx')
-rw-r--r--bbot/machine.cxx66
1 files changed, 35 insertions, 31 deletions
diff --git a/bbot/machine.cxx b/bbot/machine.cxx
index ce07c94..86448cf 100644
--- a/bbot/machine.cxx
+++ b/bbot/machine.cxx
@@ -31,45 +31,49 @@ namespace bbot
const char* a,
const string& tap,
const string& br,
- uint16_t port)
+ uint16_t port,
+ bool ignore_errors = false)
{
string addr (iface_addr (br));
+ auto_fd fdn (ignore_errors ? fdnull () : nullfd);
+ int ofd (ignore_errors ? fdn.get () : 2);
+
process_exit::code_type e;
- e = run_exit (t,
- "sudo", "iptables",
- "-t", "nat",
- a, "PREROUTING",
- "-m", "udp",
- "-p", "udp",
- "-m", "physdev",
- "-i", br,
- "--physdev-in", tap,
- "--dport", 69,
- "-j", "DNAT",
- "--to-destination", addr + ':' + to_string (port));
-
- if (e != 0 && port != 0)
+ e = run_io_exit (t, 0, ofd, ofd,
+ "sudo", "iptables",
+ "-t", "nat",
+ a, "PREROUTING",
+ "-m", "udp",
+ "-p", "udp",
+ "-m", "physdev",
+ "-i", br,
+ "--physdev-in", tap,
+ "--dport", 69,
+ "-j", "DNAT",
+ "--to-destination", addr + ':' + to_string (port));
+
+ if (e != 0 && !ignore_errors)
fail << "process iptables terminated with non-zero exit code";
// Nobody really knows whether this is really needed (really)...
//
- e = run_exit (t,
- "sudo", "iptables",
- a, "FORWARD",
- "-m", "udp",
- "-p", "udp",
- "-m", "physdev",
- "-o", br,
- "--physdev-out", tap,
- "-d", addr,
- "--dport", port,
- "-m", "state",
- "--state", "NEW,ESTABLISHED,RELATED",
- "-j", "ACCEPT");
-
- if (e != 0 && port != 0)
+ e = run_io_exit (t, 0, ofd, ofd,
+ "sudo", "iptables",
+ a, "FORWARD",
+ "-m", "udp",
+ "-p", "udp",
+ "-m", "physdev",
+ "-o", br,
+ "--physdev-out", tap,
+ "-d", addr,
+ "--dport", port,
+ "-m", "state",
+ "--state", "NEW,ESTABLISHED,RELATED",
+ "-j", "ACCEPT");
+
+ if (e != 0 && !ignore_errors)
fail << "process iptables terminated with non-zero exit code";
}
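Review bot: With `ignore_errors` set, both `run_io_exit` calls send stdout and stderr to the null descriptor and drop the exit code, so a delete that fails for a reason other than a missing rule (sudo refusing, iptables unavailable, a lock held by another process) looks exactly like a clean no-op. A stale DNAT or FORWARD entry can then survive the cleanup without any trace in the log. Consider probing with `iptables -C` first and running the `-D` with errors still fatal when the probe finds the rule, or at least recording the non-zero exit code through the tracer `t`. It would also help to add a comment on the new parameter such as `// ignore_errors: discard iptables output and exit status (best-effort delete of a possibly absent rule)`. The function's signature starts above this hunk.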
@@ -82,7 +86,7 @@ namespace bbot
// First try to delete it in case there is one from a previous run.
//
- //iptables (trace, "-D", t, br, 0); // Any port.
+ iptables (trace, "-D", t, br, port, true); // Ignore errors.
run_exit (trace, "sudo", "ip", "tuntap", "delete", t, "mode", "tap");
run (trace, "sudo", "ip", "tuntap", "add", t, "mode", "tap", "user", uid);
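Review bot: The re-enabled cleanup `iptables (trace, "-D", t, br, port, true)` only removes a rule whose `--to-destination` and `--dport` match the current `port` exactly. Entries left by a run that used a different port (for example, from before this change, when the delete was commented out) are therefore not removed. If the later add appends to the chain, such an older PREROUTING entry for the same tap and bridge would presumably still match first and redirect TFTP traffic to a port nobody is serving. A comment here saying so would help, e.g. `// Only matches the fixed port; rules from runs with other ports must be flushed manually.` The enclosing function starts and ends outside this hunk.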