[CRIU] [PATCH] dump: preload netfilter modules too
Tycho Andersen
tycho.andersen at canonical.com
Fri Feb 26 09:06:34 PST 2016
On Fri, Feb 26, 2016 at 09:41:32AM -0700, Tycho Andersen wrote:
> As with the socket diag modules, since we might be using the
> ip*filter_tables modules, we should preload those as well, in case the host
> system hasn't already loaded them. Really, I should implement netlink
> buffer dumping so we can get rid of this hack :)
Urgh, drop this one.
> Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
> ---
> criu/crtools.c | 2 ++
> criu/include/netfilter.h | 2 ++
> criu/netfilter.c | 18 ++++++++++++++++++
> 3 files changed, 22 insertions(+)
>
> diff --git a/criu/crtools.c b/criu/crtools.c
> index a6076b7..a8ddb82 100644
> --- a/criu/crtools.c
> +++ b/criu/crtools.c
> @@ -28,6 +28,7 @@
> #include "files.h"
> #include "sk-inet.h"
> #include "net.h"
> +#include "netfilter.h"
> #include "version.h"
> #include "page-xfer.h"
> #include "tty.h"
> @@ -643,6 +644,7 @@ int main(int argc, char *argv[], char *envp[])
>
> if (!strcmp(argv[optind], "dump")) {
> preload_socket_modules();
> + preload_netfilter_modules();
>
> if (!tree_id)
> goto opt_pid_missing;
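Review bot: `preload_netfilter_modules();` is called before the `if (!tree_id) goto opt_pid_missing;` check, so an invocation that is about to be rejected for a missing pid still spawns two helper processes and may cause kernel modules to be loaded on the host. Moving the call below the `tree_id` check limits that side effect to dumps that actually proceed; the existing `preload_socket_modules();` line has the same ordering and could move with it. main() starts and ends outside this hunk, so whether other early exits follow is not visible here.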
> diff --git a/criu/include/netfilter.h b/criu/include/netfilter.h
> index f3667fc..35ef262 100644
> --- a/criu/include/netfilter.h
> +++ b/criu/include/netfilter.h
> @@ -8,4 +8,6 @@ extern int nf_unlock_connection(struct inet_sk_desc *);
> struct inet_sk_info;
> extern int nf_unlock_connection_info(struct inet_sk_info *);
>
> +extern void preload_netfilter_modules(void);
> +
> #endif /* __CR_NETFILTER_H__ */
> diff --git a/criu/netfilter.c b/criu/netfilter.c
> index 95e18aa..5c04526 100644
> --- a/criu/netfilter.c
> +++ b/criu/netfilter.c
> @@ -26,6 +26,24 @@ static const char *nf_conn_cmd = "%s -t filter %s %s --protocol tcp "
> static char iptable_cmd_ipv4[] = "iptables";
> static char iptable_cmd_ipv6[] = "ip6tables";
>
> +void preload_netfilter_modules(void)
> +{
> + int fd;
> +
> + /* same as socket modules, ip_tables and ip6_tables will be loaded by
> + * CRIU, so we should try and preload these as well.
> + */
> + fd = open("/dev/null", O_RDWR);
> + if (fd < 0) {
> + fd = -1;
> + pr_perror("failed to open /dev/null, using log fd for net module preload");
> + }
> + cr_system(fd, fd, fd, iptable_cmd_ipv4,
> + (char *[]) { iptable_cmd_ipv4, "-L", NULL}, 0);
> + cr_system(fd, fd, fd, iptable_cmd_ipv6,
> + (char *[]) { iptable_cmd_ipv6, "-L", NULL}, 0);
> +}
> +
> static int nf_connection_switch_raw(int family, u32 *src_addr, u16 src_port,
> u32 *dst_addr, u16 dst_port,
> bool input, bool lock)
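Review bot: The descriptor returned by `open("/dev/null", O_RDWR)` in preload_netfilter_modules() is never closed, so it stays open for the rest of the dump and may be inherited by later children; add `if (fd >= 0) close(fd);` after the second cr_system() call. Both calls also run `-L` without `-n`, which makes iptables try to resolve rule addresses to host names and can stall the dump on a host with slow or absent DNS; `{ iptable_cmd_ipv4, "-L", "-n", NULL }` avoids that. The return values of cr_system() are dropped, which is reasonable for a best-effort preload but deserves a short comment saying so. If cr_system() looks the bare names `iptables`/`ip6tables` up through PATH (not visible here), a privileged dump depends on that PATH being trusted. The trailing context of this hunk is the start of nf_connection_switch_raw(), whose body lies outside it.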
> --
> 2.7.0
>