mir/criu
2
0
Fork 0
mirror of https://github.com/checkpoint-restore/criu synced 2025-09-01 06:45:35 +00:00
Code Issues Releases Wiki Activity

net/iptables: check iptables command has wait option

Browse Source 
v2: fix compilation warning for snprintf
v3: check iptables has xtables locks support once on init
v4: switch opts to kdat
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This commit is contained in:
Pavel Tikhomirov
2016-06-25 13:09:00 +03:00
committed by Pavel Emelyanov
parent df5a2f2600
commit 68a938ea84
3 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
criu/include/kerndat.h
View File

@@ -34,6 +34,7 @@ struct kerndat_s {
bool ipv6; bool ipv6;
bool has_loginuid; bool has_loginuid;
enum pagemap_func pmap; enum pagemap_func pmap;
unsigned int has_xtlocks;
}; };
extern struct kerndat_s kdat; extern struct kerndat_s kdat;

15
criu/kerndat.c
View File

@@ -446,6 +446,17 @@ int kerndat_loginuid(bool only_dump)
return 0; return 0;
} }
static int kerndat_iptables_has_xtlocks(void)
{
char *argv[4] = { "sh", "-c", "iptables -w -L", NULL };
kdat.has_xtlocks = 1;
if (cr_system(-1, -1, -1, "sh", argv, CRS_CAN_FAIL) == -1)
kdat.has_xtlocks = 0;
return 0;
}
int kerndat_init(void) int kerndat_init(void)
{ {
int ret; int ret;
@@ -467,6 +478,8 @@ int kerndat_init(void)
ret = get_ipv6(); ret = get_ipv6();
if (!ret) if (!ret)
ret = kerndat_loginuid(true); ret = kerndat_loginuid(true);
if (!ret)
ret = kerndat_iptables_has_xtlocks();
kerndat_lsm(); kerndat_lsm();
@@ -494,6 +507,8 @@ int kerndat_init_rst(void)
ret = get_ipv6(); ret = get_ipv6();
if (!ret) if (!ret)
ret = kerndat_loginuid(false); ret = kerndat_loginuid(false);
if (!ret)
ret = kerndat_iptables_has_xtlocks();
kerndat_lsm(); kerndat_lsm();

4
criu/netfilter.c
View File

@@ -12,6 +12,7 @@
#include "netfilter.h" #include "netfilter.h"
#include "sockets.h" #include "sockets.h"
#include "sk-inet.h" #include "sk-inet.h"
#include "kerndat.h"
static char buf[512]; static char buf[512];
@@ -20,7 +21,7 @@ static char buf[512];
* ANy brave soul to write it using xtables-devel? * ANy brave soul to write it using xtables-devel?
*/ */
static const char *nf_conn_cmd = "%s -w -t filter %s %s --protocol tcp " static const char *nf_conn_cmd = "%s %s -t filter %s %s --protocol tcp "
"--source %s --sport %d --destination %s --dport %d -j DROP"; "--source %s --sport %d --destination %s --dport %d -j DROP";
static char iptable_cmd_ipv4[] = "iptables"; static char iptable_cmd_ipv4[] = "iptables";
@@ -73,6 +74,7 @@ static int nf_connection_switch_raw(int family, u32 *src_addr, u16 src_port,
} }
snprintf(buf, sizeof(buf), nf_conn_cmd, cmd, snprintf(buf, sizeof(buf), nf_conn_cmd, cmd,
kdat.has_xtlocks ? "-w" : "",
lock ? "-A" : "-D", lock ? "-A" : "-D",
input ? "INPUT" : "OUTPUT", input ? "INPUT" : "OUTPUT",
dip, (int)dst_port, sip, (int)src_port); dip, (int)dst_port, sip, (int)src_port);