Use fixed TFTP ports for robustness

This way we can cleanup old iptables entries in case or crash/termination

1 files changed, 35 insertions, 31 deletions

diff --git a/bbot/machine.cxx b/bbot/machine.cxx
index ce07c94..86448cf 100644
--- a/bbot/machine.cxx
+++ b/bbot/machine.cxx
@@ -31,45 +31,49 @@ namespace bbot
             const char* a,
             const string& tap,
             const string& br,
-            uint16_t port)
+            uint16_t port,
+            bool ignore_errors = false)
   {
     string addr (iface_addr (br));
 
+    auto_fd fdn (ignore_errors ? fdnull () : nullfd);
+    int ofd (ignore_errors ? fdn.get () : 2);
+
     process_exit::code_type e;
 
-    e = run_exit (t,
-                  "sudo",             "iptables",
-                  "-t",               "nat",
-                  a,                  "PREROUTING",
-                  "-m",               "udp",
-                  "-p",               "udp",
-                  "-m",               "physdev",
-                  "-i",               br,
-                  "--physdev-in",     tap,
-                  "--dport",          69,
-                  "-j",               "DNAT",
-                  "--to-destination", addr + ':' + to_string (port));
-
-    if (e != 0 && port != 0)
+    e = run_io_exit (t, 0, ofd, ofd,
+                     "sudo",             "iptables",
+                     "-t",               "nat",
+                     a,                  "PREROUTING",
+                     "-m",               "udp",
+                     "-p",               "udp",
+                     "-m",               "physdev",
+                     "-i",               br,
+                     "--physdev-in",     tap,
+                     "--dport",          69,
+                     "-j",               "DNAT",
+                     "--to-destination", addr + ':' + to_string (port));
+
+    if (e != 0 && !ignore_errors)
       fail << "process iptables terminated with non-zero exit code";
 
     // Nobody really knows whether this is really needed (really)...
     //
-    e = run_exit (t,
-                  "sudo",             "iptables",
-                  a,                  "FORWARD",
-                  "-m",               "udp",
-                  "-p",               "udp",
-                  "-m",               "physdev",
-                  "-o",               br,
-                  "--physdev-out",    tap,
-                  "-d",               addr,
-                  "--dport",          port,
-                  "-m",               "state",
-                  "--state",          "NEW,ESTABLISHED,RELATED",
-                  "-j",               "ACCEPT");
-
-    if (e != 0 && port != 0)
+    e = run_io_exit (t, 0, ofd, ofd,
+                     "sudo",             "iptables",
+                     a,                  "FORWARD",
+                     "-m",               "udp",
+                     "-p",               "udp",
+                     "-m",               "physdev",
+                     "-o",               br,
+                     "--physdev-out",    tap,
+                     "-d",               addr,
+                     "--dport",          port,
+                     "-m",               "state",
+                     "--state",          "NEW,ESTABLISHED,RELATED",
+                     "-j",               "ACCEPT");
+
+    if (e != 0 && !ignore_errors)
       fail << "process iptables terminated with non-zero exit code";
   }
 
@@ -82,7 +86,7 @@ namespace bbot
 
     // First try to delete it in case there is one from a previous run.
     //
-    //iptables (trace, "-D", t, br, 0); // Any port.
+    iptables (trace, "-D", t, br, port, true); // Ignore errors.
     run_exit (trace, "sudo", "ip", "tuntap", "delete", t, "mode", "tap");
 
     run (trace, "sudo", "ip", "tuntap", "add", t, "mode", "tap", "user", uid);