net: Make criu do not fail on recent iproute2

Details

Message ID	147802286224.8431.13458978238083740133.stgit@localhost.localdomain
State	Superseded
Series	"net: Make criu do not fail on recent iproute2"
Headers	show Delivered-To: criupatchwork@gmail.com Received-SPF: pass (google.com: domain of criu-bounces@openvz.org designates 199.115.104.192 as permitted sender) client-ip=199.115.104.192; From: Kirill Tkhai <ktkhai@virtuozzo.com> To: <criu@openvz.org>, <ktkhai@virtuozzo.com>, <temnota.am@gmail.com>, <xemul@virtuozzo.com> Date: Tue, 1 Nov 2016 20:55:18 +0300 Message-ID: <147802286224.8431.13458978238083740133.stgit@localhost.localdomain> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 SpamDiagnosticOutput: 1:0 X-Microsoft-Exchange-Diagnostics: 1; VI1PR0802MB2144; 7:Ri93ytNg/cypKhbcktFgCJDW+t0OaN+F7EOv1JT7IeTqKyqdLYbEojTggPDZaR3yjbVIp5CoZ35yiaogfW/1L25KYRhEPLOg6x6C6RqRCLs7wZlFPyRRTrbfDB9Nyj0PGt2cU78JqSbWk0yMf3+OggSC90CO5VWfONggpCsaztTlgPkyE9ED+hWOMTaDDxbkCBuJDG7wf1eWEWBxFgdvtkMWULuy2UktJsyCU9kIf1x4/LJiqh1Sm1uT9rEhQrtAeugFDxbgIigLpWJoXP3fD2gfiQI8uIXPs09EIcKg2/OU4FmWJRR99GyM1HITs76gkjp9ctdrLAOlnS+wjCL06OiTyjBaZMBC/w21CXy7E2I=; 20:AABC/6geZN3gBT/97EK47pumwp2EZ5sM2mmgtHNkvAT6bOy37eXaOjCMqktuyo/tc8j9Pp2Mu/m8MJAAnT3UwfM6h2lLlNkGAyb+z9ETFd7gqLTK1slB/GwFfnNdaFFUeAWHiMkIAo/wNfIWrnGwgwd5pJqdC40rmgfrearkZng= Subject: [CRIU] [PATCH] net: Make criu do not fail on recent iproute2 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: criu-bounces@openvz.org Errors-To: criu-bounces@openvz.org

Message ID

147802286224.8431.13458978238083740133.stgit@localhost.localdomain

State

Superseded

Series

"net: Make criu do not fail on recent iproute2"

Headers

show

Delivered-To: criupatchwork@gmail.com
Received: from gmail-imap.l.google.com [173.194.202.109]
	by patchwork.criu.org with IMAP (fetchmail-6.3.26)
	for <root@localhost> (single-drop);
	Tue, 01 Nov 2016 18:55:50 +0100 (CET)
Received: by 10.37.170.230 with SMTP id t93csp729434ybi; Tue, 1 Nov 2016
	10:55:46 -0700 (PDT)
X-Received: by 10.99.64.132 with SMTP id n126mr50394513pga.87.1478022946859; 
	Tue, 01 Nov 2016 10:55:46 -0700 (PDT)
Return-Path: <criu-bounces@openvz.org>
Received: from mail.openvz.org (mail.openvz.org. [199.115.104.192]) by
	mx.google.com with ESMTPS id r70si16586589pfd.203.2016.11.01.10.55.44
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 01 Nov 2016 10:55:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of criu-bounces@openvz.org designates
	199.115.104.192 as permitted sender) client-ip=199.115.104.192;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
	criu-bounces@openvz.org designates 199.115.104.192 as permitted
	sender)
	smtp.mailfrom=criu-bounces@openvz.org; dmarc=fail (p=NONE dis=NONE)
	header.from=virtuozzo.com
Received: from mail.openvz.org (localhost [127.0.0.1]) by mail.openvz.org
	(8.14.4/8.14.4) with ESMTP id uA1HtTOe004321;
	Tue, 1 Nov 2016 10:55:32 -0700
Received: from EUR01-DB5-obe.outbound.protection.outlook.com
	(mail-db5eur01lp0177.outbound.protection.outlook.com
	[213.199.154.177]) by
	mail.openvz.org (8.14.4/8.14.4) with ESMTP id uA1HtOLg004318 for
	<criu@openvz.org>; Tue, 1 Nov 2016 10:55:25 -0700
Authentication-Results: openvz.org; dkim=none (message not signed)
	header.d=none; openvz.org;
	dmarc=none action=none header.from=virtuozzo.com; 
Received: from localhost.localdomain (195.214.232.10) by
	VI1PR0802MB2144.eurprd08.prod.outlook.com (10.172.12.13) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
	15.1.693.12; Tue, 1 Nov 2016 17:55:22 +0000
From: Kirill Tkhai <ktkhai@virtuozzo.com>
To: <criu@openvz.org>, <ktkhai@virtuozzo.com>, <temnota.am@gmail.com>,
	<xemul@virtuozzo.com>
Date: Tue, 1 Nov 2016 20:55:18 +0300
Message-ID: <147802286224.8431.13458978238083740133.stgit@localhost.localdomain>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
X-Originating-IP: [195.214.232.10]
X-ClientProxiedBy: AMSPR02CA0034.eurprd02.prod.outlook.com (10.242.225.162)
	To
	VI1PR0802MB2144.eurprd08.prod.outlook.com (10.172.12.13)
X-MS-Office365-Filtering-Correlation-Id: 2b86254a-4c61-4522-23f6-08d402804097
X-Microsoft-Exchange-Diagnostics: 1; VI1PR0802MB2144;
	2:rUoYbkwPEdEni0CGqvNjDJ4+DJ9ViOVPwABJz/0dr8pAB7VPSA7+8ly9gmf6P8r1Ib3NNA9yH5ex0BP+UdVwLlncSbOoFenoZeHJEH291je4iWXu5qraSvbDVyZsBA4Np4M7YT7ISoPLBukbfi1zRaYmGW53/rgV4pKQvr/WnQepOJdC3ktL6KFuvDaNFuXI7HUiDqZqA5vdxp7GT/tiag==;
	3:gFAJ909w3vRkSO/lE+biQHSTnjuGFVna0Lou/BJfuNXnTMyGITtXA//pUEWPYZqRKwKVJo3dFTR37y8FJrla3R3L9PcPjo+m0VslCymDs1xBLEXpWxBF9ewUJ5/YRqacID/d/O/adh0nSJHy8eOa8A==;
	25:W7AmMYGKrHliTO03Mbt+bLMoZl4eONWet3Xd6XYsy4VLHGA7yd2KAYrQIokbmZpRmJVgP8KUsAJoIEyJAQghK4kyEZgySPwq28UaJEstZOcrX48LSCfVrvcrb0vrWtLfue/MLPVjDzoadkbWpJy08KR5/AxzRT92rVExDyIsGwazHpUw36OEnU+uIXxZBr/zpCdB/SM/xHVoU/DHYo3B9kcXYxvMZfrcVTejaIWSHox+pn2+b8ubOgzDsVsIch2kogV0VJZimu8ECtA932cINo93nk0EDVsKHU+8SALW8KXJ2IiPiY81wHUqjVTFHSAiFfrFdNOa/3XVlp8x60Sa9J8d1oCfWPHX3RR/20/sLnmI4vcsYTUO0v2qG7XBB9jJ1djhuo+PkK/xPSO2lNe7ploMZMP0xfisbfmLT9T4IZEeLwjtohdkKliYLIk8Smiv
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:VI1PR0802MB2144;
X-Microsoft-Exchange-Diagnostics: 1; VI1PR0802MB2144;
	31:N0rg70J+tscdDYeKerDNvncbThAutpYp3/7Ichj2uEFi+DVAvXCcAVwcvF8R+o67bps3Ugu5Otnhuli5ydzgqPjZy2rvtWWz+2IPtp+mpqqV3Vt+wwtluACGsE7Zz2N9mIiv+wgwn5by0i/wVoB+uikjmDZ1nX3J6CL4SZ7o/3yYh5ra17Ccaq+Ws1b8SqqZ1ItNNN64smWrEB/wTC9bvsvR8LdyLZjmLlPgeu4B3n0AAxu+QZyDuw0yvYHimEf9c4wkzJEKIda9jE9cxv+QQg==;
	4:P/V6h55SVGUQT8aI6Ja5F/1DiU8eCr9SQes2pJTVbX/XIX+G/jPmr2d5eCzCXi4ZMtX4kRZOw4Z4JZ3hGQdSFmNksW0gmKFMMtR0Mk2wpA9Bsjnt65CsufkRKTfJbfLX1bZ9vjOJok39z49dM7sZKzakFvZC/IRUSn/vqmCyYq6M4bOXfUbrSR6KgesgLJMi4tnVUoF+UfnuMUiPCvcqv+CkQ5fvKmMH0jjp2U6gmsabZf2T/U8QSGnZOcuIbG0smKh+ex0LYc3d9FcdjBZG3w8jp5qzmHHHX9Cj3KbGOrBoQFn73vtvKh6wOl9esZR1Rkgf/JaW4DS8KNr0SXlxHVar/Dx7HxooPRVqXyOhWK0Mk+jHw4JjQMnZkuk6uv1PZlg28//izJyhKL3VCekxGg==;
	23:IQ4RWo9wJdpzMl7CQv/GHpRQD6HeEcul03LoXqyXkj6bcvrVCgvtfSWcNICwxtGr/IjR8RvJLe+wXAD1G/w3yo+6YMN1lapZESs9+ikAoi09kEa8fR7u0lcPCA7q6RAhBjtGC6jrcM5AG2fTducRo+tk4aK5kCEBxxcRBDULVTa8vb190OQhzTJfYAtlVzhA
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(9101524098)(601004)(2401047)(8121501046)(10201501046)(3002001);
	SRVR:VI1PR0802MB2144; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0802MB2144;
X-Forefront-Antispam-Report: SFV:SKI; SFS:; DIR:INB; SFP:; SCL:-1;
	SRVR:VI1PR0802MB2144; H:localhost.localdomain; FPR:; SPF:None; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; VI1PR0802MB2144;
	6:4FqXgwYDDZFVb9r0m1LeYDSsYCE9oHxM3ntGgy0DYia6vOEBjQoGh3qCjUZZ1S2EjyjOrNlWVI2ZpVNNNrzWaJzWmDM9r1/zga9URgDIVoaezk4+Q15wzqNQObu947dsyATvzRwRH9b0Qc5kW4HjgQIWZZuKaXyO8d39EuWCUbN4Gux6ZJwMCLYShe6u0AaUuz/w2k5aaV/PQ12tv35WCfbjBzC+4/wtEsqnZzpOdQoKsKlErN96J/FJBnoG9HKnGPUCkiOou95C6VlFVo7Q6rTAAqpSg75EOE/YkZEi1U0T0At4m67/aGOl3GF/ZnJT;
	5:ulHgu1oOvRdQ1G36/t/2zQz9sAYSrRfbfEzPeBQHaDgu9gOL7pa2hyyMKXnEGlflPFwR9rcyqOTqhsmoukV27+cr5pp+n5i/5Uv/KwIxkJpzNIWwsjTTWrKRyx8/ydFJSzXKXQ0IcUqjGKvP29ARLS8uDrcHBLpG6w1BLaFG3oc=;
	24:CUbIjHAsFttdGje73Vb9fiGKhQQDKW8gjZesZvPn1W8fW+4yErKzd0iukBBWt9EyG6levnvpFxghAWrG83rXpMUZ2+0tzhtNXwQXbAjH59w=
SpamDiagnosticOutput: 1:0
X-Microsoft-Exchange-Diagnostics: 1; VI1PR0802MB2144;
	7:Ri93ytNg/cypKhbcktFgCJDW+t0OaN+F7EOv1JT7IeTqKyqdLYbEojTggPDZaR3yjbVIp5CoZ35yiaogfW/1L25KYRhEPLOg6x6C6RqRCLs7wZlFPyRRTrbfDB9Nyj0PGt2cU78JqSbWk0yMf3+OggSC90CO5VWfONggpCsaztTlgPkyE9ED+hWOMTaDDxbkCBuJDG7wf1eWEWBxFgdvtkMWULuy2UktJsyCU9kIf1x4/LJiqh1Sm1uT9rEhQrtAeugFDxbgIigLpWJoXP3fD2gfiQI8uIXPs09EIcKg2/OU4FmWJRR99GyM1HITs76gkjp9ctdrLAOlnS+wjCL06OiTyjBaZMBC/w21CXy7E2I=;
	20:AABC/6geZN3gBT/97EK47pumwp2EZ5sM2mmgtHNkvAT6bOy37eXaOjCMqktuyo/tc8j9Pp2Mu/m8MJAAnT3UwfM6h2lLlNkGAyb+z9ETFd7gqLTK1slB/GwFfnNdaFFUeAWHiMkIAo/wNfIWrnGwgwd5pJqdC40rmgfrearkZng=
X-OriginatorOrg: virtuozzo.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Nov 2016 17:55:22.4745
	(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0802MB2144
X-MS-Exchange-CrossPremises-OriginalClientIPAddress: 195.214.232.10
X-MS-Exchange-CrossPremises-AuthSource: VI1PR0802MB2144.eurprd08.prod.outlook.com
X-MS-Exchange-CrossPremises-AuthAs: Internal
X-MS-Exchange-CrossPremises-AuthMechanism: 06
X-MS-Exchange-CrossPremises-AVStamp-Service: 1.0
X-MS-Exchange-CrossPremises-SCL: -1
X-MS-Exchange-CrossPremises-Antispam-ScanContext: DIR:Originating; SFV:SKI; 
	SKIP:0;
X-MS-Exchange-CrossPremises-Processed-By-Journaling: Journal Agent
X-OrganizationHeadersPreserved: VI1PR0802MB2144.eurprd08.prod.outlook.com
Subject: [CRIU] [PATCH] net: Make criu do not fail on recent iproute2
X-BeenThere: criu@openvz.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: CRIU development <criu.openvz.org>
List-Unsubscribe: <https://lists.openvz.org/mailman/options/criu>,
	<mailto:criu-request@openvz.org?subject=unsubscribe>
List-Archive: <http://lists.openvz.org/pipermail/criu/>
List-Post: <mailto:criu@openvz.org>
List-Help: <mailto:criu-request@openvz.org?subject=help>
List-Subscribe: <https://lists.openvz.org/mailman/listinfo/criu>,
	<mailto:criu-request@openvz.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: criu-bounces@openvz.org
Errors-To: criu-bounces@openvz.org

Commit Message

Kirill Tkhai Nov. 1, 2016, 5:55 p.m.

Since iprule commit 67a990b81126 command "ip rule del" is not working anymore:

    iproute: disallow ip rule del without parameters

    Disallow run `ip rule del` without any parameter to avoid delete any first
    rule from table.

    Signed-off-by: Andrey Jr. Melnikov <temnota.am@gmail.com>

So, criu restore fails with:

    Error (criu/net.c:1277): IP tool failed on rule delete

Fix that by explicit passing of rule's table. Also, this works on ancient iproute2.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 criu/net.c |   24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

Patch hide | download patch | download mbox

diff --git a/criu/net.c b/criu/net.c
index f563f00..bcb75c5 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -1259,22 +1259,22 @@  static int restore_links(int pid, NetnsEntry **netns)
 	return ret;
 }
 
-static int run_ip_tool(char *arg1, char *arg2, char *arg3, int fdin, int fdout, unsigned flags)
+static int run_ip_tool(char *arg1, char *arg2, char *arg3, char *arg4, int fdin, int fdout, unsigned flags)
 {
 	char *ip_tool_cmd;
 	int ret;
 
-	pr_debug("\tRunning ip %s %s\n", arg1, arg2);
+	pr_debug("\tRunning ip %s %s %s %s\n", arg1, arg2, arg3 ? : "\0", arg4 ? : "\0");
 
 	ip_tool_cmd = getenv("CR_IP_TOOL");
 	if (!ip_tool_cmd)
 		ip_tool_cmd = "ip";
 
 	ret = cr_system(fdin, fdout, -1, ip_tool_cmd,
-				(char *[]) { "ip", arg1, arg2, arg3, NULL }, flags);
+				(char *[]) { "ip", arg1, arg2, arg3, arg4, NULL }, flags);
 	if (ret) {
 		if (!(flags & CRS_CAN_FAIL))
-			pr_err("IP tool failed on %s %s\n", arg1, arg2);
+			pr_err("IP tool failed on %s %s %s %s\n", arg1, arg2, arg3 ? : "\0", arg4 ? : "\0");
 		return -1;
 	}
 
@@ -1300,7 +1300,7 @@  static int run_iptables_tool(char *def_cmd, int fdin, int fdout)
 static inline int dump_ifaddr(struct cr_imgset *fds)
 {
 	struct cr_img *img = img_from_set(fds, CR_FD_IFADDR);
-	return run_ip_tool("addr", "save", NULL, -1, img_raw_fd(img), 0);
+	return run_ip_tool("addr", "save", NULL, NULL, -1, img_raw_fd(img), 0);
 }
 
 static inline int dump_route(struct cr_imgset *fds)
@@ -1308,7 +1308,7 @@  static inline int dump_route(struct cr_imgset *fds)
 	struct cr_img *img;
 
 	img = img_from_set(fds, CR_FD_ROUTE);
-	if (run_ip_tool("route", "save", NULL, -1, img_raw_fd(img), 0))
+	if (run_ip_tool("route", "save", NULL, NULL, -1, img_raw_fd(img), 0))
 		return -1;
 
 	/* If ipv6 is disabled, "ip -6 route dump" dumps all routes */
@@ -1316,7 +1316,7 @@  static inline int dump_route(struct cr_imgset *fds)
 		return 0;
 
 	img = img_from_set(fds, CR_FD_ROUTE6);
-	if (run_ip_tool("-6", "route", "save", -1, img_raw_fd(img), 0))
+	if (run_ip_tool("-6", "route", "save", NULL, -1, img_raw_fd(img), 0))
 		return -1;
 
 	return 0;
@@ -1333,7 +1333,7 @@  static inline int dump_rule(struct cr_imgset *fds)
 	if (!path)
 		return -1;
 
-	if (run_ip_tool("rule", "save", NULL, -1, img_raw_fd(img), CRS_CAN_FAIL)) {
+	if (run_ip_tool("rule", "save", NULL, NULL, -1, img_raw_fd(img), CRS_CAN_FAIL)) {
 		pr_warn("Check if \"ip rule save\" is supported!\n");
 		unlinkat(get_service_fd(IMG_FD_OFF), path, 0);
 	}
@@ -1465,7 +1465,7 @@  static int restore_ip_dump(int type, int pid, char *cmd)
 		return 0;
 	}
 	if (img) {
-		ret = run_ip_tool(cmd, "restore", NULL, img_raw_fd(img), -1, 0);
+		ret = run_ip_tool(cmd, "restore", NULL, NULL, img_raw_fd(img), -1, 0);
 		close_image(img);
 	}
 
@@ -1506,9 +1506,9 @@  static inline int restore_rule(int pid)
 	 * Delete 3 default rules to prevent duplicates. See kernel's
 	 * function fib_default_rules_init() for the details.
 	 */
-	run_ip_tool("rule", "delete", NULL, -1, -1, 0);
-	run_ip_tool("rule", "delete", NULL, -1, -1, 0);
-	run_ip_tool("rule", "delete", NULL, -1, -1, 0);
+	run_ip_tool("rule", "delete", "table", "main",    -1, -1, 0);
+	run_ip_tool("rule", "delete", "table", "local",   -1, -1, 0);
+	run_ip_tool("rule", "delete", "table", "default", -1, -1, 0);
 
 	if (restore_ip_dump(CR_FD_RULE, pid, "rule"))
 		ret = -1;

Comments

Andrey Melnikov Nov. 1, 2016, 9:13 p.m.

2016-11-01 20:55 GMT+03:00 Kirill Tkhai <ktkhai@virtuozzo.com>:
> Since iprule commit 67a990b81126 command "ip rule del" is not working anymore:
>
>     iproute: disallow ip rule del without parameters
>
>     Disallow run `ip rule del` without any parameter to avoid delete any first
>     rule from table.
>
>     Signed-off-by: Andrey Jr. Melnikov <temnota.am@gmail.com>
>
> So, criu restore fails with:
>
>     Error (criu/net.c:1277): IP tool failed on rule delete
>
> Fix that by explicit passing of rule's table. Also, this works on ancient iproute2.

Hmm. `ip rule del` without arguments delete FIRST ONE rule. If you
want delete all rules - use sequence `ip rule flush` to delete all
rules except local and `ip rule del table local` to delete last rule.
This also save one execve() call.

> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
> ---
>  criu/net.c |   24 ++++++++++++------------
>  1 file changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/criu/net.c b/criu/net.c
> index f563f00..bcb75c5 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -1259,22 +1259,22 @@ static int restore_links(int pid, NetnsEntry **netns)
>         return ret;
>  }
>
> -static int run_ip_tool(char *arg1, char *arg2, char *arg3, int fdin, int fdout, unsigned flags)
> +static int run_ip_tool(char *arg1, char *arg2, char *arg3, char *arg4, int fdin, int fdout, unsigned flags)
>  {
>         char *ip_tool_cmd;
>         int ret;
>
> -       pr_debug("\tRunning ip %s %s\n", arg1, arg2);
> +       pr_debug("\tRunning ip %s %s %s %s\n", arg1, arg2, arg3 ? : "\0", arg4 ? : "\0");
>
>         ip_tool_cmd = getenv("CR_IP_TOOL");
>         if (!ip_tool_cmd)
>                 ip_tool_cmd = "ip";
>
>         ret = cr_system(fdin, fdout, -1, ip_tool_cmd,
> -                               (char *[]) { "ip", arg1, arg2, arg3, NULL }, flags);
> +                               (char *[]) { "ip", arg1, arg2, arg3, arg4, NULL }, flags);
>         if (ret) {
>                 if (!(flags & CRS_CAN_FAIL))
> -                       pr_err("IP tool failed on %s %s\n", arg1, arg2);
> +                       pr_err("IP tool failed on %s %s %s %s\n", arg1, arg2, arg3 ? : "\0", arg4 ? : "\0");
>                 return -1;
>         }
>
> @@ -1300,7 +1300,7 @@ static int run_iptables_tool(char *def_cmd, int fdin, int fdout)
>  static inline int dump_ifaddr(struct cr_imgset *fds)
>  {
>         struct cr_img *img = img_from_set(fds, CR_FD_IFADDR);
> -       return run_ip_tool("addr", "save", NULL, -1, img_raw_fd(img), 0);
> +       return run_ip_tool("addr", "save", NULL, NULL, -1, img_raw_fd(img), 0);
>  }
>
>  static inline int dump_route(struct cr_imgset *fds)
> @@ -1308,7 +1308,7 @@ static inline int dump_route(struct cr_imgset *fds)
>         struct cr_img *img;
>
>         img = img_from_set(fds, CR_FD_ROUTE);
> -       if (run_ip_tool("route", "save", NULL, -1, img_raw_fd(img), 0))
> +       if (run_ip_tool("route", "save", NULL, NULL, -1, img_raw_fd(img), 0))
>                 return -1;
>
>         /* If ipv6 is disabled, "ip -6 route dump" dumps all routes */
> @@ -1316,7 +1316,7 @@ static inline int dump_route(struct cr_imgset *fds)
>                 return 0;
>
>         img = img_from_set(fds, CR_FD_ROUTE6);
> -       if (run_ip_tool("-6", "route", "save", -1, img_raw_fd(img), 0))
> +       if (run_ip_tool("-6", "route", "save", NULL, -1, img_raw_fd(img), 0))
>                 return -1;
>
>         return 0;
> @@ -1333,7 +1333,7 @@ static inline int dump_rule(struct cr_imgset *fds)
>         if (!path)
>                 return -1;
>
> -       if (run_ip_tool("rule", "save", NULL, -1, img_raw_fd(img), CRS_CAN_FAIL)) {
> +       if (run_ip_tool("rule", "save", NULL, NULL, -1, img_raw_fd(img), CRS_CAN_FAIL)) {
>                 pr_warn("Check if \"ip rule save\" is supported!\n");
>                 unlinkat(get_service_fd(IMG_FD_OFF), path, 0);
>         }
> @@ -1465,7 +1465,7 @@ static int restore_ip_dump(int type, int pid, char *cmd)
>                 return 0;
>         }
>         if (img) {
> -               ret = run_ip_tool(cmd, "restore", NULL, img_raw_fd(img), -1, 0);
> +               ret = run_ip_tool(cmd, "restore", NULL, NULL, img_raw_fd(img), -1, 0);
>                 close_image(img);
>         }
>
> @@ -1506,9 +1506,9 @@ static inline int restore_rule(int pid)
>          * Delete 3 default rules to prevent duplicates. See kernel's
>          * function fib_default_rules_init() for the details.
>          */
> -       run_ip_tool("rule", "delete", NULL, -1, -1, 0);
> -       run_ip_tool("rule", "delete", NULL, -1, -1, 0);
> -       run_ip_tool("rule", "delete", NULL, -1, -1, 0);
> +       run_ip_tool("rule", "delete", "table", "main",    -1, -1, 0);
> +       run_ip_tool("rule", "delete", "table", "local",   -1, -1, 0);
> +       run_ip_tool("rule", "delete", "table", "default", -1, -1, 0);
>
>         if (restore_ip_dump(CR_FD_RULE, pid, "rule"))
>                 ret = -1;
>

Kirill Tkhai Nov. 2, 2016, 9:16 a.m.

On 02.11.2016 00:13, Andrey Melnikov wrote:
> 2016-11-01 20:55 GMT+03:00 Kirill Tkhai <ktkhai@virtuozzo.com>:
>> Since iprule commit 67a990b81126 command "ip rule del" is not working anymore:
>>
>>     iproute: disallow ip rule del without parameters
>>
>>     Disallow run `ip rule del` without any parameter to avoid delete any first
>>     rule from table.
>>
>>     Signed-off-by: Andrey Jr. Melnikov <temnota.am@gmail.com>
>>
>> So, criu restore fails with:
>>
>>     Error (criu/net.c:1277): IP tool failed on rule delete
>>
>> Fix that by explicit passing of rule's table. Also, this works on ancient iproute2.
> 
> Hmm. `ip rule del` without arguments delete FIRST ONE rule. If you
> want delete all rules - use sequence `ip rule flush` to delete all
> rules except local and `ip rule del table local` to delete last rule.
> This also save one execve() call.

Sounds good. Thank you!
 
>> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
>> ---
>>  criu/net.c |   24 ++++++++++++------------
>>  1 file changed, 12 insertions(+), 12 deletions(-)
>>
>> diff --git a/criu/net.c b/criu/net.c
>> index f563f00..bcb75c5 100644
>> --- a/criu/net.c
>> +++ b/criu/net.c
>> @@ -1259,22 +1259,22 @@ static int restore_links(int pid, NetnsEntry **netns)
>>         return ret;
>>  }
>>
>> -static int run_ip_tool(char *arg1, char *arg2, char *arg3, int fdin, int fdout, unsigned flags)
>> +static int run_ip_tool(char *arg1, char *arg2, char *arg3, char *arg4, int fdin, int fdout, unsigned flags)
>>  {
>>         char *ip_tool_cmd;
>>         int ret;
>>
>> -       pr_debug("\tRunning ip %s %s\n", arg1, arg2);
>> +       pr_debug("\tRunning ip %s %s %s %s\n", arg1, arg2, arg3 ? : "\0", arg4 ? : "\0");
>>
>>         ip_tool_cmd = getenv("CR_IP_TOOL");
>>         if (!ip_tool_cmd)
>>                 ip_tool_cmd = "ip";
>>
>>         ret = cr_system(fdin, fdout, -1, ip_tool_cmd,
>> -                               (char *[]) { "ip", arg1, arg2, arg3, NULL }, flags);
>> +                               (char *[]) { "ip", arg1, arg2, arg3, arg4, NULL }, flags);
>>         if (ret) {
>>                 if (!(flags & CRS_CAN_FAIL))
>> -                       pr_err("IP tool failed on %s %s\n", arg1, arg2);
>> +                       pr_err("IP tool failed on %s %s %s %s\n", arg1, arg2, arg3 ? : "\0", arg4 ? : "\0");
>>                 return -1;
>>         }
>>
>> @@ -1300,7 +1300,7 @@ static int run_iptables_tool(char *def_cmd, int fdin, int fdout)
>>  static inline int dump_ifaddr(struct cr_imgset *fds)
>>  {
>>         struct cr_img *img = img_from_set(fds, CR_FD_IFADDR);
>> -       return run_ip_tool("addr", "save", NULL, -1, img_raw_fd(img), 0);
>> +       return run_ip_tool("addr", "save", NULL, NULL, -1, img_raw_fd(img), 0);
>>  }
>>
>>  static inline int dump_route(struct cr_imgset *fds)
>> @@ -1308,7 +1308,7 @@ static inline int dump_route(struct cr_imgset *fds)
>>         struct cr_img *img;
>>
>>         img = img_from_set(fds, CR_FD_ROUTE);
>> -       if (run_ip_tool("route", "save", NULL, -1, img_raw_fd(img), 0))
>> +       if (run_ip_tool("route", "save", NULL, NULL, -1, img_raw_fd(img), 0))
>>                 return -1;
>>
>>         /* If ipv6 is disabled, "ip -6 route dump" dumps all routes */
>> @@ -1316,7 +1316,7 @@ static inline int dump_route(struct cr_imgset *fds)
>>                 return 0;
>>
>>         img = img_from_set(fds, CR_FD_ROUTE6);
>> -       if (run_ip_tool("-6", "route", "save", -1, img_raw_fd(img), 0))
>> +       if (run_ip_tool("-6", "route", "save", NULL, -1, img_raw_fd(img), 0))
>>                 return -1;
>>
>>         return 0;
>> @@ -1333,7 +1333,7 @@ static inline int dump_rule(struct cr_imgset *fds)
>>         if (!path)
>>                 return -1;
>>
>> -       if (run_ip_tool("rule", "save", NULL, -1, img_raw_fd(img), CRS_CAN_FAIL)) {
>> +       if (run_ip_tool("rule", "save", NULL, NULL, -1, img_raw_fd(img), CRS_CAN_FAIL)) {
>>                 pr_warn("Check if \"ip rule save\" is supported!\n");
>>                 unlinkat(get_service_fd(IMG_FD_OFF), path, 0);
>>         }
>> @@ -1465,7 +1465,7 @@ static int restore_ip_dump(int type, int pid, char *cmd)
>>                 return 0;
>>         }
>>         if (img) {
>> -               ret = run_ip_tool(cmd, "restore", NULL, img_raw_fd(img), -1, 0);
>> +               ret = run_ip_tool(cmd, "restore", NULL, NULL, img_raw_fd(img), -1, 0);
>>                 close_image(img);
>>         }
>>
>> @@ -1506,9 +1506,9 @@ static inline int restore_rule(int pid)
>>          * Delete 3 default rules to prevent duplicates. See kernel's
>>          * function fib_default_rules_init() for the details.
>>          */
>> -       run_ip_tool("rule", "delete", NULL, -1, -1, 0);
>> -       run_ip_tool("rule", "delete", NULL, -1, -1, 0);
>> -       run_ip_tool("rule", "delete", NULL, -1, -1, 0);
>> +       run_ip_tool("rule", "delete", "table", "main",    -1, -1, 0);
>> +       run_ip_tool("rule", "delete", "table", "local",   -1, -1, 0);
>> +       run_ip_tool("rule", "delete", "table", "default", -1, -1, 0);
>>
>>         if (restore_ip_dump(CR_FD_RULE, pid, "rule"))
>>                 ret = -1;
>>