[CRIU] [PATCH 3/4] net: dump iptables for ipv6 (v2)

Tue Nov 17 12:19:38 PST 2015

From: Andrew Vagin <avagin at openvz.org>

v2: don't dump iptables if ipv6 isn't supported
Signed-off-by: Andrew Vagin <avagin at virtuozzo.com>
---
 image-desc.c         |  1 +
 include/image-desc.h |  1 +
 include/magic.h      |  1 +
 net.c                | 29 +++++++++++++++++++++++++++--
 4 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/image-desc.c b/image-desc.c
index a07eb88..f95b218 100644
--- a/image-desc.c
+++ b/image-desc.c
@@ -76,6 +76,7 @@ struct cr_fd_desc_tmpl imgset_template[CR_FD_MAX] = {
 	FD_ENTRY_F(ROUTE6,	"route6-%d", O_NOBUF),
 	FD_ENTRY_F(RULE,	"rule-%d", O_NOBUF),
 	FD_ENTRY_F(IPTABLES,	"iptables-%d", O_NOBUF),
+	FD_ENTRY_F(IP6TABLES,	"ip6tables-%d", O_NOBUF),
 	FD_ENTRY_F(TMPFS_IMG,	"tmpfs-%d.tar.gz", O_NOBUF),
 	FD_ENTRY_F(TMPFS_DEV,	"tmpfs-dev-%d.tar.gz", O_NOBUF),
 	FD_ENTRY(TTY_FILES,	"tty"),
diff --git a/include/image-desc.h b/include/image-desc.h
index fe1289f..ae8ae16 100644
--- a/include/image-desc.h
+++ b/include/image-desc.h
@@ -42,6 +42,7 @@ enum {
 	CR_FD_ROUTE6,
 	CR_FD_RULE,
 	CR_FD_IPTABLES,
+	CR_FD_IP6TABLES,
 	CR_FD_NETNS,
 	_CR_FD_NETNS_TO,
 
diff --git a/include/magic.h b/include/magic.h
index c899a45..25cfb47 100644
--- a/include/magic.h
+++ b/include/magic.h
@@ -98,6 +98,7 @@
 #define TMPFS_IMG_MAGIC		RAW_IMAGE_MAGIC
 #define TMPFS_DEV_MAGIC		RAW_IMAGE_MAGIC
 #define IPTABLES_MAGIC		RAW_IMAGE_MAGIC
+#define IP6TABLES_MAGIC		RAW_IMAGE_MAGIC
 
 #define PAGES_OLD_MAGIC		PAGEMAP_MAGIC
 #define SHM_PAGES_OLD_MAGIC	PAGEMAP_MAGIC
diff --git a/net.c b/net.c
index cca5ef8..43232b9 100644
--- a/net.c
+++ b/net.c
@@ -25,6 +25,8 @@
 #include "pstree.h"
 #include "string.h"
 #include "sysctl.h"
+#include "kerndat.h"
+
 #include "protobuf.h"
 #include "protobuf/netdev.pb-c.h"
 
@@ -676,8 +678,19 @@ static inline int dump_rule(struct cr_imgset *fds)
 
 static inline int dump_iptables(struct cr_imgset *fds)
 {
-	struct cr_img *img = img_from_set(fds, CR_FD_IPTABLES);
-	return run_iptables_tool("iptables-save", -1, img_raw_fd(img));
+	struct cr_img *img;
+
+	img = img_from_set(fds, CR_FD_IPTABLES);
+	if (run_iptables_tool("iptables-save", -1, img_raw_fd(img)))
+		return -1;
+
+	if (kdat.ipv6) {
+		img = img_from_set(fds, CR_FD_IP6TABLES);
+		if (run_iptables_tool("ip6tables-save", -1, img_raw_fd(img)))
+			return -1;
+	}
+
+	return 0;
 }
 
 static int dump_netns_conf(struct cr_imgset *fds)
@@ -783,6 +796,18 @@ static inline int restore_iptables(int pid)
 		ret = run_iptables_tool("iptables-restore", img_raw_fd(img), -1);
 		close_image(img);
 	}
+	if (ret)
+		return ret;
+
+	img = open_image(CR_FD_IP6TABLES, O_RSTR, pid);
+	if (img == NULL)
+		return -1;
+	if (empty_image(img))
+		goto out;
+
+	ret = run_iptables_tool("ip6tables-restore", img_raw_fd(img), -1);
+out:
+	close_image(img);
 
 	return ret;
 }
-- 
2.4.3

