[Devel,2/3] net: iptables_tool_{dump, restore} helpers introduced

Submitted by Stanislav Kinsburskiy on July 21, 2017, 7:41 a.m.

Details

Message ID 20170721074158.16840.95636.stgit@skinsbursky-vz7.qa.sw.ru
State New
Series "criu: restore iptables in VE#0"

Commit Message

Stanislav Kinsburskiy July 21, 2017, 7:41 a.m.
A couple of simple helpers to distinguish between iptables dump and restore.
Will be useful later, when iptables restore will happen in VE#0.

Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
---
 criu/net.c |   19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)


diff --git a/criu/net.c b/criu/net.c
index abf15c6..9986310 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -1301,6 +1301,16 @@  static int run_iptables_tool(char *def_cmd, int fdin, int fdout)
 	return ret;
 }
 
+static int iptables_tool_restore(char *def_cmd, int fdin)
+{
+	return run_iptables_tool(def_cmd, fdin, -1);
+}
+
+static int iptables_tool_dump(char *def_cmd, int fdout)
+{
+	return run_iptables_tool(def_cmd, -1, fdout);
+}
+
 static inline int dump_ifaddr(struct cr_imgset *fds)
 {
 	struct cr_img *img = img_from_set(fds, CR_FD_IFADDR);
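Review bot: The new wrappers `iptables_tool_restore()` and `iptables_tool_dump()` have no comment saying which side of `run_iptables_tool()` each one wires up, and the meaning of the `-1` passed for the other descriptor is only defined in the body of `run_iptables_tool()`, which starts outside this hunk. A one-line comment on each would help, for example `/* Run the tool with fdin as its input; no output fd is passed (-1). */` and `/* Run the tool with its output going to fdout; no input fd is passed (-1). */`. Since the commit message says restore will later happen in VE#0, the restore helper is also the natural place to record that the rules read from `fdin` come from an image file, and should be treated as untrusted input by whatever more privileged context ends up running the tool. Both helpers also keep `char *def_cmd` although every call site in this patch passes a string literal; `const char *def_cmd` would be more accurate if `run_iptables_tool()` can be changed to match.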
@@ -1352,12 +1362,12 @@  static inline int dump_iptables(struct cr_imgset *fds)
 	struct cr_img *img;
 
 	img = img_from_set(fds, CR_FD_IPTABLES);
-	if (run_iptables_tool("iptables-save", -1, img_raw_fd(img)))
+	if (iptables_tool_dump("iptables-save", img_raw_fd(img)))
 		return -1;
 
 	if (kdat.ipv6) {
 		img = img_from_set(fds, CR_FD_IP6TABLES);
-		if (run_iptables_tool("ip6tables-save", -1, img_raw_fd(img)))
+		if (iptables_tool_dump("ip6tables-save", img_raw_fd(img)))
 			return -1;
 	}
 
@@ -1528,7 +1538,7 @@  static inline int restore_iptables(int pid)
 
 	img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
 	if (img) {
-		ret = run_iptables_tool("iptables-restore", img_raw_fd(img), -1);
+		ret = iptables_tool_restore("iptables-restore", img_raw_fd(img));
 		close_image(img);
 	}
 	if (ret)
@@ -1540,7 +1550,8 @@  static inline int restore_iptables(int pid)
 	if (empty_image(img))
 		goto out;
 
-	ret = run_iptables_tool("ip6tables-restore", img_raw_fd(img), -1);
+	ret = iptables_tool_restore("ip6tables-restore", img_raw_fd(img));
+
 out:
 	close_image(img);
 

Comments

Andrey Vagin July 24, 2017, 7:13 p.m.
On Fri, Jul 21, 2017 at 10:41:58AM +0300, Stanislav Kinsburskiy wrote:
> A couple of simple helpers to destinguish between iptables dump and restore.
> Will be useful later, when iptables restore will happen in VE#0.
> 
> Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
> ---
>  criu/net.c |   19 +++++++++++++++----
>  1 file changed, 15 insertions(+), 4 deletions(-)
> 
> diff --git a/criu/net.c b/criu/net.c
> index abf15c6..9986310 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -1301,6 +1301,16 @@ static int run_iptables_tool(char *def_cmd, int fdin, int fdout)
>  	return ret;
>  }
>  
> +static int iptables_tool_restore(char *def_cmd, int fdin)
> +{
> +	return run_iptables_tool(def_cmd, fdin, -1);
> +}
> +
> +static int iptables_tool_dump(char *def_cmd, int fdout)
> +{
> +	return run_iptables_tool(def_cmd, -1, fdout);
> +}
> +
>  static inline int dump_ifaddr(struct cr_imgset *fds)
>  {
>  	struct cr_img *img = img_from_set(fds, CR_FD_IFADDR);
> @@ -1352,12 +1362,12 @@ static inline int dump_iptables(struct cr_imgset *fds)
>  	struct cr_img *img;
>  
>  	img = img_from_set(fds, CR_FD_IPTABLES);
> -	if (run_iptables_tool("iptables-save", -1, img_raw_fd(img)))
> +	if (iptables_tool_dump("iptables-save", img_raw_fd(img)))
>  		return -1;
>  
>  	if (kdat.ipv6) {
>  		img = img_from_set(fds, CR_FD_IP6TABLES);
> -		if (run_iptables_tool("ip6tables-save", -1, img_raw_fd(img)))
> +		if (iptables_tool_dump("ip6tables-save", img_raw_fd(img)))
>  			return -1;
>  	}
>  
> @@ -1528,7 +1538,7 @@ static inline int restore_iptables(int pid)
>  
>  	img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
>  	if (img) {
> -		ret = run_iptables_tool("iptables-restore", img_raw_fd(img), -1);
> +		ret = iptables_tool_restore("iptables-restore", img_raw_fd(img));
>  		close_image(img);
>  	}
>  	if (ret)
> @@ -1540,7 +1550,8 @@ static inline int restore_iptables(int pid)
>  	if (empty_image(img))
>  		goto out;
>  
> -	ret = run_iptables_tool("ip6tables-restore", img_raw_fd(img), -1);
> +	ret = iptables_tool_restore("ip6tables-restore", img_raw_fd(img));

There are two other places, which probably have to be fixed too.

network_lock_internal
network_unlock_internal

I'm not sure about network_lock_internal(), but
network_unlock_internal() is called from ve

> +
>  out:
>  	close_image(img);
>  
> 
> _______________________________________________
> Devel mailing list
> Devel@openvz.org
> https://lists.openvz.org/mailman/listinfo/devel