[CRIU] [PATCH 2/2] net: Add ip rule save/restore
Pavel Emelyanov
xemul at parallels.com
Fri Oct 23 09:20:52 PDT 2015
On 10/23/2015 07:18 PM, Kirill Tkhai wrote:
>
>
> On 23.10.2015 19:13, Pavel Emelyanov wrote:
>>> @@ -588,6 +588,24 @@ static inline int dump_route(struct cr_imgset *fds)
>>> return 0;
>>> }
>>>
>>> +static inline int dump_rule(struct cr_imgset *fds)
>>> +{
>>> + struct cr_img *img = img_from_set(fds, CR_FD_RULE);
>>> + char *path = strdup(img->path);
>>
>> Variables initialization with anything but constants is not welcome.
>
> Should I use "img_from_set(fds, CR_FD_RULE)" twice in this function?
No.
struct cr_img *img;
img = img_from_set(fds, CR_FD_RULE);
>>> + if (!path)
>>> + return -1;
>>> +
>>> + if (run_ip_tool("rule", "save", NULL, -1, img_raw_fd(img))) {
>>> + pr_err("Check if \"ip rule save\" is supported!\n");
>>> + unlinkat(get_service_fd(IMG_FD_OFF), path, 0);
>>> + }
>>> +
>>> + free(path);
>>> +
>>> + return 0;
>>> +}
>>> +
>>> static inline int dump_iptables(struct cr_imgset *fds)
>>> {
>>> struct cr_img *img = img_from_set(fds, CR_FD_IPTABLES);
>>> @@ -657,6 +675,24 @@ static inline int restore_route(int pid)
>>> return 0;
>>> }
>>>
>>> +static inline int restore_rule(int pid)
>>> +{
>>> + if (test_image(CR_FD_RULE, pid)) {
>>
>> There's no need in test_image(), just call open_image() and
>> check for empty_image() on result.
>
> I want to delete default rules only if dump exists. It's not good
> to clear all rules if we won't populate them again.
img = open_image(CR_FD_RULE, pid);
if (empty_image(img))
return 0;
run_ip_tool("rule", "delete", ...);
run_ip_tool("rule", "delete", ...);
run_ip_tool("rule", "delete", ...);
ret = run_ip_tool(...);
close_image();
return ret;
>>> + /*
>>> + * Delete 3 default rules to prevent duplicates. See kernel's
>>> + * function fib_default_rules_init() for the details.
>>> + */
>>> + run_ip_tool("rule", "delete", NULL, -1, -1);
>>> + run_ip_tool("rule", "delete", NULL, -1, -1);
>>> + run_ip_tool("rule", "delete", NULL, -1, -1);
>>> +
>>> + if (restore_ip_dump(CR_FD_RULE, pid, "rule"))
>>> + return -1;
>>> + }
>>> +
>>> + return 0;
>>> +}
>>> +
>>> static inline int restore_iptables(int pid)
>>> {
>>> int ret = -1;
>>
> .
>
More information about the CRIU
mailing list