[pbs-devel] [PATCH proxmox-firewall v5 1/1] firewall: config: use proxmox-network-api

Stefan Hanreich s.hanreich at proxmox.com
Mon Aug 4 18:24:43 CEST 2025


proxmox-network-api now provides functions for obtaining the network
interface information directly. Adapt the firewall to use the function
from proxmox-network-api instead.

The name of InterfaceMapping changed in the process, so adapt the
firewall to use the new name for the struct.

Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
---
 proxmox-firewall/Cargo.toml                 |  3 +-
 proxmox-firewall/src/config.rs              | 33 ++++++---------------
 proxmox-firewall/tests/integration_tests.rs |  8 ++---
 3 files changed, 14 insertions(+), 30 deletions(-)

diff --git a/proxmox-firewall/Cargo.toml b/proxmox-firewall/Cargo.toml
index f7ef47e..2f247c3 100644
--- a/proxmox-firewall/Cargo.toml
+++ b/proxmox-firewall/Cargo.toml
@@ -21,8 +21,9 @@ serde_json = "1"
 signal-hook = "0.3"
 
 proxmox-log = "1"
-proxmox-nftables = { path = "../proxmox-nftables", features = ["config-ext"] }
 proxmox-network-types = { workspace = true }
+proxmox-network-api = { version = "1", features = [ "impl" ] }
+proxmox-nftables = { path = "../proxmox-nftables", features = ["config-ext"] }
 proxmox-ve-config = { workspace = true }
 
 [dev-dependencies]
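Review bot: `proxmox-network-api` is declared with its own `version = "1"` while the neighbouring `proxmox-network-types` uses `workspace = true`, so this crate's requirement can drift from what the rest of the workspace resolves. If the workspace manifest can carry the dependency, `proxmox-network-api = { workspace = true, features = ["impl"] }` would keep the version in one place; whether the workspace already lists it is not visible in this patch. The bracket spacing in `[ "impl" ]` also differs from `["config-ext"]` on the next line.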
diff --git a/proxmox-firewall/src/config.rs b/proxmox-firewall/src/config.rs
index 6e357a1..d6a4df5 100644
--- a/proxmox-firewall/src/config.rs
+++ b/proxmox-firewall/src/config.rs
@@ -3,7 +3,7 @@ use std::default::Default;
 use std::fs::{self, DirEntry, File, ReadDir};
 use std::io::{self, BufReader};
 
-use anyhow::{Context, Error, bail, format_err};
+use anyhow::{bail, format_err, Context, Error};
 
 use proxmox_log as log;
 
@@ -15,13 +15,12 @@ use proxmox_ve_config::firewall::types::alias::{Alias, AliasName, AliasScope};
 
 use proxmox_ve_config::guest::types::Vmid;
 use proxmox_ve_config::guest::{GuestEntry, GuestMap};
-use proxmox_ve_config::host::network::InterfaceMapping;
-use proxmox_ve_config::host::network::IpLink;
 use proxmox_ve_config::host::types::BridgeName;
 
-use proxmox_nftables::NftClient;
+use proxmox_network_api::{get_network_interfaces, AltnameMapping};
 use proxmox_nftables::command::{CommandOutput, Commands, List, ListOutput};
 use proxmox_nftables::types::ListChain;
+use proxmox_nftables::NftClient;
 use proxmox_ve_config::sdn::{
     config::{RunningConfig, SdnConfig},
     ipam::{Ipam, IpamJson},
@@ -44,7 +43,7 @@ pub trait FirewallConfigLoader {
         &self,
         bridge_name: &BridgeName,
     ) -> Result<Option<Box<dyn io::BufRead>>, Error>;
-    fn interface_mapping(&self) -> Result<InterfaceMapping, Error>;
+    fn interface_mapping(&self) -> Result<AltnameMapping, Error>;
 }
 
 #[derive(Default)]
@@ -227,24 +226,10 @@ impl FirewallConfigLoader for PveFirewallConfigLoader {
         Ok(None)
     }
 
-    fn interface_mapping(&self) -> Result<InterfaceMapping, Error> {
-        let output = std::process::Command::new("ip")
-            .arg("-details")
-            .arg("-json")
-            .arg("link")
-            .arg("show")
-            .stdout(std::process::Stdio::piped())
-            .output()
-            .with_context(|| "could not obtain ip link output")?;
-
-        if !output.status.success() {
-            bail!("ip link returned non-zero exit code")
-        }
-
-        Ok(serde_json::from_slice::<Vec<IpLink>>(&output.stdout)
-            .with_context(|| "could not deserialize ip link output")?
-            .into_iter()
-            .collect())
+    fn interface_mapping(&self) -> Result<AltnameMapping, Error> {
+        Ok(AltnameMapping::from_iter(
+            get_network_interfaces()?.into_values(),
+        ))
     }
 }
 
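Review bot: The new `interface_mapping` propagates the `get_network_interfaces()` error with a bare `?`, so the context the removed code attached ("could not obtain ip link output") is gone and a failure will not say which step of the firewall config load broke. `Context` is still imported at the top of the file, so `get_network_interfaces().context("could not obtain network interfaces")?.into_values()` would keep that, assuming the function's error type works with anyhow's `Context`, which the patch does not show. It is also worth confirming that `get_network_interfaces()` reports the same set of links as `ip -details -json link show` did, since a link missing from the mapping would presumably leave its altname unresolved when rules are generated. The mock loader in `tests/integration_tests.rs` returns an empty `AltnameMapping`, so the integration tests do not exercise this path. The enclosing `impl` block starts outside the hunk.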
@@ -280,7 +265,7 @@ pub struct FirewallConfig {
     nft_config: BTreeMap<String, ListChain>,
     sdn_config: Option<SdnConfig>,
     ipam_config: Option<Ipam>,
-    interface_mapping: InterfaceMapping,
+    interface_mapping: AltnameMapping,
 }
 
 impl FirewallConfig {
diff --git a/proxmox-firewall/tests/integration_tests.rs b/proxmox-firewall/tests/integration_tests.rs
index 69f9cc2..2c550eb 100644
--- a/proxmox-firewall/tests/integration_tests.rs
+++ b/proxmox-firewall/tests/integration_tests.rs
@@ -1,9 +1,9 @@
 use anyhow::{Context, Error};
-use proxmox_ve_config::host::network::InterfaceMapping;
 use std::collections::HashMap;
 
 use proxmox_firewall::config::{FirewallConfig, FirewallConfigLoader, NftConfigLoader};
 use proxmox_firewall::firewall::Firewall;
+use proxmox_network_api::AltnameMapping;
 use proxmox_nftables::command::CommandOutput;
 use proxmox_sys::nodename;
 use proxmox_ve_config::guest::types::Vmid;
@@ -93,10 +93,8 @@ impl FirewallConfigLoader for MockFirewallConfigLoader {
         Ok(None)
     }
 
-    fn interface_mapping(
-        &self,
-    ) -> Result<proxmox_ve_config::host::network::InterfaceMapping, Error> {
-        Ok(InterfaceMapping::from_iter(vec![]))
+    fn interface_mapping(&self) -> Result<AltnameMapping, Error> {
+        Ok(AltnameMapping::from_iter(vec![]))
     }
 }
 
-- 
2.47.2



