[CRIU] [PATCH 2/2] net: Add ip rule save/restore

Pavel Emelyanov xemul at parallels.com
Fri Oct 23 09:20:52 PDT 2015


On 10/23/2015 07:18 PM, Kirill Tkhai wrote:
> 
> 
> On 23.10.2015 19:13, Pavel Emelyanov wrote:
>>> @@ -588,6 +588,24 @@ static inline int dump_route(struct cr_imgset *fds)
>>>  	return 0;
>>>  }
>>>  
>>> +static inline int dump_rule(struct cr_imgset *fds)
>>> +{
>>> +	struct cr_img *img = img_from_set(fds, CR_FD_RULE);
>>> +	char *path = strdup(img->path);
>>
>> Variables initialization with anything but constants is not welcome.
> 
> Should I use "img_from_set(fds, CR_FD_RULE)" twice in this function?

No.

struct cr_img *img;

img = img_from_set(fds, CR_FD_RULE);

>>> +	if (!path)
>>> +		return -1;
>>> +
>>> +	if (run_ip_tool("rule", "save", NULL, -1, img_raw_fd(img))) {
>>> +		pr_err("Check if \"ip rule save\" is supported!\n");
>>> +		unlinkat(get_service_fd(IMG_FD_OFF), path, 0);
>>> +	}
>>> +
>>> +	free(path);
>>> +
>>> +	return 0;
>>> +}
>>> +
>>>  static inline int dump_iptables(struct cr_imgset *fds)
>>>  {
>>>  	struct cr_img *img = img_from_set(fds, CR_FD_IPTABLES);
>>> @@ -657,6 +675,24 @@ static inline int restore_route(int pid)
>>>  	return 0;
>>>  }
>>>  
>>> +static inline int restore_rule(int pid)
>>> +{
>>> +	if (test_image(CR_FD_RULE, pid)) {
>>
>> There's no need in test_image(), just call open_image() and
>> check for empty_image() on result.
> 
> I want to delete default rules only if dump exists. It's not good
> to clear all rules if we won't populate them again.

img = open_image(CR_FD_RULE, pid);
if (empty_image(img))
	return 0;

run_ip_tool("rule", "delete", ...);
run_ip_tool("rule", "delete", ...);
run_ip_tool("rule", "delete", ...);

ret = run_ip_tool(...);
close_image();
return ret;

>>> +		/*
>>> +		 * Delete 3 default rules to prevent duplicates. See kernel's
>>> +		 * function fib_default_rules_init() for the details.
>>> +		 */
>>> +		run_ip_tool("rule", "delete", NULL, -1, -1);
>>> +		run_ip_tool("rule", "delete", NULL, -1, -1);
>>> +		run_ip_tool("rule", "delete", NULL, -1, -1);
>>> +
>>> +		if (restore_ip_dump(CR_FD_RULE, pid, "rule"))
>>> +			return -1;
>>> +	}
>>> +
>>> +	return 0;
>>> +}
>>> +
>>>  static inline int restore_iptables(int pid)
>>>  {
>>>  	int ret = -1;
>>
> .
> 



More information about the CRIU mailing list