Re: [Devel] [PATCH 2/3] net: iptables_tool_{dump, restore} helpers introduced

Mon, 24 Jul 2017 12:15:07 -0700 

On Fri, Jul 21, 2017 at 10:41:58AM +0300, Stanislav Kinsburskiy wrote:
> A couple of simple helpers to destinguish between iptables dump and restore.
> Will be useful later, when iptables restore will happen in VE#0.
> 
> Signed-off-by: Stanislav Kinsburskiy <skinsbur...@virtuozzo.com>
> ---
>  criu/net.c |   19 +++++++++++++++----
>  1 file changed, 15 insertions(+), 4 deletions(-)
> 
> diff --git a/criu/net.c b/criu/net.c
> index abf15c6..9986310 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -1301,6 +1301,16 @@ static int run_iptables_tool(char *def_cmd, int fdin, 
> int fdout)
>       return ret;
>  }
>  
> +static int iptables_tool_restore(char *def_cmd, int fdin)
> +{
> +     return run_iptables_tool(def_cmd, fdin, -1);
> +}
> +
> +static int iptables_tool_dump(char *def_cmd, int fdout)
> +{
> +     return run_iptables_tool(def_cmd, -1, fdout);
> +}
> +
>  static inline int dump_ifaddr(struct cr_imgset *fds)
>  {
>       struct cr_img *img = img_from_set(fds, CR_FD_IFADDR);
> @@ -1352,12 +1362,12 @@ static inline int dump_iptables(struct cr_imgset *fds)
>       struct cr_img *img;
>  
>       img = img_from_set(fds, CR_FD_IPTABLES);
> -     if (run_iptables_tool("iptables-save", -1, img_raw_fd(img)))
> +     if (iptables_tool_dump("iptables-save", img_raw_fd(img)))
>               return -1;
>  
>       if (kdat.ipv6) {
>               img = img_from_set(fds, CR_FD_IP6TABLES);
> -             if (run_iptables_tool("ip6tables-save", -1, img_raw_fd(img)))
> +             if (iptables_tool_dump("ip6tables-save", img_raw_fd(img)))
>                       return -1;
>       }
>  
> @@ -1528,7 +1538,7 @@ static inline int restore_iptables(int pid)
>  
>       img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
>       if (img) {
> -             ret = run_iptables_tool("iptables-restore", img_raw_fd(img), 
> -1);
> +             ret = iptables_tool_restore("iptables-restore", 
> img_raw_fd(img));
>               close_image(img);
>       }
>       if (ret)
> @@ -1540,7 +1550,8 @@ static inline int restore_iptables(int pid)
>       if (empty_image(img))
>               goto out;
>  
> -     ret = run_iptables_tool("ip6tables-restore", img_raw_fd(img), -1);
> +     ret = iptables_tool_restore("ip6tables-restore", img_raw_fd(img));

There are two other places, which probably have to be fixed too.

network_lock_internal
network_unlock_internal

I'm not sure about network_lock_internal(), but
network_unlock_internal() is called from ve

> +
>  out:
>       close_image(img);
>  
> 
> _______________________________________________
> Devel mailing list
> Devel@openvz.org
> https://lists.openvz.org/mailman/listinfo/devel
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to