Move the actual execution of `iptables' into a new function which
captures the stderr, and logs it.  The actual `iptables' command is a
parameter to `frob_iptable_command' so that in future we can reuse
this subroutine for `ip6tables'.

No functional change other than to log messages.

Signed-off-by: Ian Jackson <ian.jack...@eu.citrix.com>
---
 tools/hotplug/Linux/vif-common.sh | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/tools/hotplug/Linux/vif-common.sh 
b/tools/hotplug/Linux/vif-common.sh
index 77d139d..20cb6a7 100644
--- a/tools/hotplug/Linux/vif-common.sh
+++ b/tools/hotplug/Linux/vif-common.sh
@@ -120,8 +120,10 @@ fi
 ip=${ip:-}
 ip=$(xenstore_read_default "$XENBUS_PATH/ip" "$ip")
 
-frob_iptable()
+frob_iptable_command()
 {
+  local iptables=$1; shift
+
   if [ "$command" == "online" -o "$command" == "add" ]
   then
     local c="-I"
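Review bot: frob_iptable_command is introduced without a header comment, although its calling convention is not obvious from the signature: `$1` names the binary to run, the remaining arguments are appended after the `-I`/`-D` flag, and that flag is chosen from the global `$command`. Since the commit message says the helper is meant to be reused for `ip6tables`, I would add above the function something like `# frob_iptable_command CMD ARGS...: run CMD with -I (command is online/add) or -D (otherwise) followed by ARGS; logs CMD's stderr if an insert fails.` The function body continues past the end of this hunk.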
@@ -129,17 +131,21 @@ frob_iptable()
     local c="-D"
   fi
 
-  iptables "$c" FORWARD -w $dev_in_match "$dev" \
-    "$@" -j ACCEPT 2>/dev/null &&
-  iptables "$c" FORWARD -w $dev_out_match "$dev" \
-    -j ACCEPT 2>/dev/null
-
+  local errormsg=$("$iptables" "$c" "$@" 2>&1)
   if [ \( "$command" == "online" -o "$command" == "add" \) -a $? -ne 0 ]
   then
-    log err "iptables setup failed. This may affect guest networking."
+    log err "iptables setup failed. This may affect guest networking. 
($iptables $c $*: $errormsg)"
   fi
 }
 
+frob_iptable()
+{
+  frob_iptable_command iptables FORWARD -w $dev_in_match "$dev" \
+    "$@" -j ACCEPT 2>/dev/null
+  frob_iptable_command iptables FORWARD -w $dev_out_match "$dev" \
+    -j ACCEPT 2>/dev/null
+}
+
 
 ##
 # Add or remove the appropriate entries in the iptables.  With antispoofing
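Review bot: The `$?` tested right after `local errormsg=$("$iptables" "$c" "$@" 2>&1)` is the exit status of the `local` builtin, not of the iptables command, so it is 0 and the `log err` branch can no longer fire; a failed rule insertion becomes silent. Split the declaration from the assignment and save the status, e.g. `local errormsg rc=0` followed by `errormsg=$("$iptables" "$c" "$@" 2>&1) || rc=$?`, then test `$rc` in the condition. These FORWARD rules appear to be the ones the antispoofing comment below refers to, so an unlogged failure leaves the operator with no signal that guest filtering was not installed. Separately, the new frob_iptable drops the `&&` that used to join the two calls, so the second rule is now attempted even when the first fails, which is a behaviour change beyond the "log messages only" the description states. The `2>/dev/null` on both calls is also redundant with the capture and would discard anything `log` itself writes to stderr.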
-- 
2.1.4

