[CRIU] [PATCH v2] net: Make criu do not fail on recent iproute2

Kirill Tkhai ktkhai at virtuozzo.com
Thu Nov 3 02:07:08 PDT 2016 

On 03.11.2016 08:02, Pavel Emelyanov wrote:
> On 11/02/2016 12:15 PM, Kirill Tkhai wrote:
>> Since iprule commit 67a990b81126 command "ip rule del" is not working anymore:
>>
>>     iproute: disallow ip rule del without parameters
>>
>>     Disallow run `ip rule del` without any parameter to avoid delete any first
>>     rule from table.
>>
>>     Signed-off-by: Andrey Jr. Melnikov <temnota.am at gmail.com>
> 
> Hm... Was it OK from Stephen Hemminger's perspective that the tool's API
> had changed and had potentially broken ... some other userspace around it?

Here is the commit:

http://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=67a990b8112611e5e4b64f2a5f6ee890422d7695

CC: Stephen Hemminger

>> So, criu restore fails with:
>>
>>     Error (criu/net.c:1277): IP tool failed on rule delete
>>
>> Fix that by explicit passing of rule's table.
>>
>> v2: Use "ip rule flush" to main's and default's table rules at once.
>>
>> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
>> ---
>>  criu/net.c |   23 +++++++++++------------
>>  1 file changed, 11 insertions(+), 12 deletions(-)
>>
>> diff --git a/criu/net.c b/criu/net.c
>> index f563f00..123921d 100644
>> --- a/criu/net.c
>> +++ b/criu/net.c
>> @@ -1259,22 +1259,22 @@ static int restore_links(int pid, NetnsEntry **netns)
>>  	return ret;
>>  }
>>  
>> -static int run_ip_tool(char *arg1, char *arg2, char *arg3, int fdin, int fdout, unsigned flags)
>> +static int run_ip_tool(char *arg1, char *arg2, char *arg3, char *arg4, int fdin, int fdout, unsigned flags)
>>  {
>>  	char *ip_tool_cmd;
>>  	int ret;
>>  
>> -	pr_debug("\tRunning ip %s %s\n", arg1, arg2);
>> +	pr_debug("\tRunning ip %s %s %s %s\n", arg1, arg2, arg3 ? : "\0", arg4 ? : "\0");
>>  
>>  	ip_tool_cmd = getenv("CR_IP_TOOL");
>>  	if (!ip_tool_cmd)
>>  		ip_tool_cmd = "ip";
>>  
>>  	ret = cr_system(fdin, fdout, -1, ip_tool_cmd,
>> -				(char *[]) { "ip", arg1, arg2, arg3, NULL }, flags);
>> +				(char *[]) { "ip", arg1, arg2, arg3, arg4, NULL }, flags);
>>  	if (ret) {
>>  		if (!(flags & CRS_CAN_FAIL))
>> -			pr_err("IP tool failed on %s %s\n", arg1, arg2);
>> +			pr_err("IP tool failed on %s %s %s %s\n", arg1, arg2, arg3 ? : "\0", arg4 ? : "\0");
>>  		return -1;
>>  	}
>>  
>> @@ -1300,7 +1300,7 @@ static int run_iptables_tool(char *def_cmd, int fdin, int fdout)
>>  static inline int dump_ifaddr(struct cr_imgset *fds)
>>  {
>>  	struct cr_img *img = img_from_set(fds, CR_FD_IFADDR);
>> -	return run_ip_tool("addr", "save", NULL, -1, img_raw_fd(img), 0);
>> +	return run_ip_tool("addr", "save", NULL, NULL, -1, img_raw_fd(img), 0);
>>  }
>>  
>>  static inline int dump_route(struct cr_imgset *fds)
>> @@ -1308,7 +1308,7 @@ static inline int dump_route(struct cr_imgset *fds)
>>  	struct cr_img *img;
>>  
>>  	img = img_from_set(fds, CR_FD_ROUTE);
>> -	if (run_ip_tool("route", "save", NULL, -1, img_raw_fd(img), 0))
>> +	if (run_ip_tool("route", "save", NULL, NULL, -1, img_raw_fd(img), 0))
>>  		return -1;
>>  
>>  	/* If ipv6 is disabled, "ip -6 route dump" dumps all routes */
>> @@ -1316,7 +1316,7 @@ static inline int dump_route(struct cr_imgset *fds)
>>  		return 0;
>>  
>>  	img = img_from_set(fds, CR_FD_ROUTE6);
>> -	if (run_ip_tool("-6", "route", "save", -1, img_raw_fd(img), 0))
>> +	if (run_ip_tool("-6", "route", "save", NULL, -1, img_raw_fd(img), 0))
>>  		return -1;
>>  
>>  	return 0;
>> @@ -1333,7 +1333,7 @@ static inline int dump_rule(struct cr_imgset *fds)
>>  	if (!path)
>>  		return -1;
>>  
>> -	if (run_ip_tool("rule", "save", NULL, -1, img_raw_fd(img), CRS_CAN_FAIL)) {
>> +	if (run_ip_tool("rule", "save", NULL, NULL, -1, img_raw_fd(img), CRS_CAN_FAIL)) {
>>  		pr_warn("Check if \"ip rule save\" is supported!\n");
>>  		unlinkat(get_service_fd(IMG_FD_OFF), path, 0);
>>  	}
>> @@ -1465,7 +1465,7 @@ static int restore_ip_dump(int type, int pid, char *cmd)
>>  		return 0;
>>  	}
>>  	if (img) {
>> -		ret = run_ip_tool(cmd, "restore", NULL, img_raw_fd(img), -1, 0);
>> +		ret = run_ip_tool(cmd, "restore", NULL, NULL, img_raw_fd(img), -1, 0);
>>  		close_image(img);
>>  	}
>>  
>> @@ -1506,9 +1506,8 @@ static inline int restore_rule(int pid)
>>  	 * Delete 3 default rules to prevent duplicates. See kernel's
>>  	 * function fib_default_rules_init() for the details.
>>  	 */
>> -	run_ip_tool("rule", "delete", NULL, -1, -1, 0);
>> -	run_ip_tool("rule", "delete", NULL, -1, -1, 0);
>> -	run_ip_tool("rule", "delete", NULL, -1, -1, 0);
>> +	run_ip_tool("rule", "flush",  NULL,    NULL,    -1, -1, 0);
>> +	run_ip_tool("rule", "delete", "table", "local", -1, -1, 0);
>>  
>>  	if (restore_ip_dump(CR_FD_RULE, pid, "rule"))
>>  		ret = -1;
>>
>> .
>>
>

More information about the CRIU mailing list