inventory: save network lock method to reuse in restore

When the network is locked using a specific method like iptables
or nftables there is no need to require passing the same method
during restore.

We save the lock method during dump in the inventory image and
use that in restore.

This always overwrites the restore --network-lock option.

v2: store opts.network_lock_method directly to avoid dependency
    on rpc.proto's 'enum criu_network_lock_method'.
v3: fall back to iptables if image is generated with an older
    version of CRIU.
v4: remove --network-lock from netns_lock_* from restore

Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>

criu/image.c

@@ -86,6 +86,21 @@ int check_img_inventory(bool restore)
 		goto out_err;
 	}
 
+	if (restore) {
+		if (!he->has_network_lock_method) {
+			/*
+			 * Image files were generated with an older version of CRIU
+			 * so we should fall back to iptables because this is the
+			 * network-lock mechanism used in older versions.
+			 */
+			pr_info("Network lock method not found in inventory image\n");
+			pr_info("Falling back to iptables network lock method\n");
+			opts.network_lock_method = NETWORK_LOCK_IPTABLES;
+		} else {
+			opts.network_lock_method = he->network_lock_method;
+		}
+	}
+
 	ret = 0;
 
 out_err:
@@ -223,6 +238,10 @@ int prepare_inventory(InventoryEntry *he)
 		he->has_tcp_close = true;
 	}
 
+	/* Save network lock method to reuse in restore */
+	he->has_network_lock_method = true;
+	he->network_lock_method = opts.network_lock_method;
+
 	return 0;
 }
 

images/inventory.proto

@@ -20,4 +20,5 @@ message inventory_entry {
 	optional uint64			dump_uptime	= 8;
 	optional uint32			pre_dump_mode	= 9;
 	optional bool			tcp_close	= 10;
+	optional uint32			network_lock_method	= 11;
 }

test/zdtm/static/net_lock_socket_iptables.desc

@@ -1,5 +1,6 @@
 {
     'flavor': 'h',
     'flags': 'suid excl',
-    'opts': '--tcp-established --network-lock iptables',
+    'dopts': '--tcp-established --network-lock iptables',
+    'ropts': '--tcp-established',
 }

test/zdtm/static/net_lock_socket_iptables6.desc

@@ -1,5 +1,6 @@
 {
     'flavor': 'h',
     'flags': 'suid excl',
-    'opts': '--tcp-established --network-lock iptables',
+    'dopts': '--tcp-established --network-lock iptables',
+    'ropts': '--tcp-established',
 }

test/zdtm/static/net_lock_socket_nftables.desc

@@ -2,5 +2,6 @@
     'flavor': 'h',
     'flags': 'suid excl',
     'feature': 'network_lock_nftables',
-    'opts': '--tcp-established --network-lock nftables',
+    'dopts': '--tcp-established --network-lock nftables',
+    'ropts': '--tcp-established',
 }

test/zdtm/static/net_lock_socket_nftables6.desc

@@ -2,5 +2,6 @@
     'flavor': 'h',
     'flags': 'suid excl',
     'feature': 'network_lock_nftables',
-    'opts': '--tcp-established --network-lock nftables',
+    'dopts': '--tcp-established --network-lock nftables',
+    'ropts': '--tcp-established',
 }

test/zdtm/static/netns_lock_iptables.desc

@@ -1,6 +1,7 @@
 {
     'flavor': 'h',
     'flags': 'suid excl',
-    'opts': '--tcp-established --network-lock iptables',
+    'opts': '--tcp-established',
+    'dopts': '--network-lock iptables',
     'ropts': '--join-ns net:/var/run/netns/criu-net-lock-test'
 }

test/zdtm/static/netns_lock_nftables.desc

@@ -2,6 +2,7 @@
     'flavor': 'h',
     'flags': 'suid excl',
     'feature': 'network_lock_nftables',
-    'opts': '--tcp-established --network-lock nftables',
+    'opts': '--tcp-established',
+    'dopts': '--network-lock nftables',
     'ropts': '--join-ns net:/var/run/netns/criu-net-lock-test'
 }