crash.software
Projects
Pull Requests
Issues
Builds
criu
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY criu Commits 42c4be2a
🤬
  • ■ ■ ■ ■ ■ ■
    criu/cr-check.c
    skipped 1192 lines
    1193 1193   char *ipt_legacy_bin;
    1194 1194   char *ip6t_legacy_bin;
    1195 1195   
    1196  - ipt_legacy_bin = get_legacy_iptables_bin(false);
     1196 + ipt_legacy_bin = get_legacy_iptables_bin(false, false);
    1197 1197   if (!ipt_legacy_bin) {
    1198 1198   pr_warn("Couldn't find iptables version which is using iptables legacy API\n");
    1199 1199   return -1;
    skipped 4 lines
    1204 1204   if (!kdat.ipv6)
    1205 1205   return 0;
    1206 1206   
    1207  - ip6t_legacy_bin = get_legacy_iptables_bin(true);
     1207 + ip6t_legacy_bin = get_legacy_iptables_bin(true, false);
    1208 1208   if (!ip6t_legacy_bin) {
    1209 1209   pr_warn("Couldn't find ip6tables version which is using iptables legacy API\n");
    1210 1210   return -1;
    skipped 519 lines
  • ■ ■ ■ ■
    criu/include/util.h
    skipped 383 lines
    384 384   
    385 385  extern int mount_detached_fs(const char *fsname);
    386 386   
    387  -extern char *get_legacy_iptables_bin(bool ipv6);
     387 +extern char *get_legacy_iptables_bin(bool ipv6, bool restore);
    388 388   
    389 389  extern int set_opts_cap_eff(void);
    390 390   
    skipped 23 lines
  • ■ ■ ■ ■ ■
    criu/net.c
    skipped 2038 lines
    2039 2039   * and iptables backend is nft to prevent duplicate dumps.
    2040 2040   */
    2041 2041  #if defined(CONFIG_HAS_NFTABLES_LIB_API_0) || defined(CONFIG_HAS_NFTABLES_LIB_API_1)
    2042  - iptables_cmd = get_legacy_iptables_bin(false);
     2042 + iptables_cmd = get_legacy_iptables_bin(false, false);
    2043 2043   
    2044 2044   if (kdat.ipv6)
    2045  - ip6tables_cmd = get_legacy_iptables_bin(true);
     2045 + ip6tables_cmd = get_legacy_iptables_bin(true, false);
    2046 2046  #endif
    2047 2047   
    2048 2048   if (!iptables_cmd) {
    skipped 311 lines
    2360 2360   
    2361 2361  static inline int restore_iptables(int pid)
    2362 2362  {
     2363 + char *iptables_cmd = "iptables-restore";
     2364 + char *ip6tables_cmd = "ip6tables-restore";
     2365 + char comm[32];
    2363 2366   int ret = -1;
    2364 2367   struct cr_img *img;
     2368 + 
     2369 +#if defined(CONFIG_HAS_NFTABLES_LIB_API_0) || defined(CONFIG_HAS_NFTABLES_LIB_API_1)
     2370 + iptables_cmd = get_legacy_iptables_bin(false, true);
     2371 + 
     2372 + if (kdat.ipv6)
     2373 + ip6tables_cmd = get_legacy_iptables_bin(true, true);
     2374 +#endif
    2365 2375   
    2366 2376   img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
    2367 2377   if (img == NULL)
    skipped 4 lines
    2372 2382   goto ipt6;
    2373 2383   }
    2374 2384   
    2375  - ret = run_iptables_tool("iptables-restore -w", img_raw_fd(img), -1);
     2385 + if (!iptables_cmd) {
     2386 + pr_err("Can't restore iptables dump - no legacy version present\n");
     2387 + close_image(img);
     2388 + return -1;
     2389 + }
     2390 + 
     2391 + if (snprintf(comm, sizeof(comm), "%s -w", iptables_cmd) >= sizeof(comm)) {
     2392 + pr_err("Can't fit '%s -w' to buffer\n", iptables_cmd);
     2393 + close_image(img);
     2394 + return -1;
     2395 + }
     2396 + 
     2397 + ret = run_iptables_tool(comm, img_raw_fd(img), -1);
    2376 2398   close_image(img);
    2377 2399   if (ret)
    2378 2400   return ret;
    skipped 4 lines
    2383 2405   if (empty_image(img))
    2384 2406   goto out;
    2385 2407   
    2386  - ret = run_iptables_tool("ip6tables-restore -w", img_raw_fd(img), -1);
     2408 + if (!ip6tables_cmd) {
     2409 + pr_err("Can't restore ip6tables dump - no legacy version present\n");
     2410 + close_image(img);
     2411 + return -1;
     2412 + }
     2413 + 
     2414 + if (snprintf(comm, sizeof(comm), "%s -w", ip6tables_cmd) >= sizeof(comm)) {
     2415 + pr_err("Can't fit '%s -w' to buffer\n", ip6tables_cmd);
     2416 + close_image(img);
     2417 + return -1;
     2418 + }
     2419 + 
     2420 + ret = run_iptables_tool(comm, img_raw_fd(img), -1);
    2387 2421  out:
    2388 2422   close_image(img);
    2389 2423   
    skipped 1386 lines
  • ■ ■ ■ ■ ■ ■
    criu/util.c
    skipped 1593 lines
    1594 1594   return ret;
    1595 1595  }
    1596 1596   
    1597  -char *get_legacy_iptables_bin(bool ipv6)
     1597 +char *get_legacy_iptables_bin(bool ipv6, bool restore)
    1598 1598  {
    1599  - static char iptables_bin[2][32];
     1599 + static char iptables_bin[2][2][32];
    1600 1600   /* 0 - means we don't know yet,
    1601 1601   * -1 - not present,
    1602 1602   * 1 - present.
    1603 1603   */
    1604  - static int iptables_present[2] = { 0, 0 };
    1605  - char bins[2][2][32] = { { "iptables-save", "iptables-legacy-save" },
    1606  - { "ip6tables-save", "ip6tables-legacy-save" } };
     1604 + static int iptables_present[2][2] = { { 0, 0 }, { 0, 0 } };
     1605 + char bins[2][2][2][32] = { { { "iptables-save", "iptables-legacy-save" },
     1606 + { "iptables-restore", "iptables-legacy-restore" } },
     1607 + { { "ip6tables-save", "ip6tables-legacy-save" },
     1608 + { "ip6tables-restore", "ip6tables-legacy-restore" } } };
    1607 1609   int ret;
    1608 1610   
    1609  - if (iptables_present[ipv6] == -1)
     1611 + if (iptables_present[ipv6][restore] == -1)
    1610 1612   return NULL;
    1611 1613   
    1612  - if (iptables_present[ipv6] == 1)
    1613  - return iptables_bin[ipv6];
     1614 + if (iptables_present[ipv6][restore] == 1)
     1615 + return iptables_bin[ipv6][restore];
    1614 1616   
    1615  - memcpy(iptables_bin[ipv6], bins[ipv6][0], strlen(bins[ipv6][0]) + 1);
    1616  - ret = is_iptables_nft(iptables_bin[ipv6]);
     1617 + memcpy(iptables_bin[ipv6][restore], bins[ipv6][restore][0], strlen(bins[ipv6][restore][0]) + 1);
     1618 + ret = is_iptables_nft(iptables_bin[ipv6][restore]);
    1617 1619   
    1618 1620   /*
    1619 1621   * iptables on host uses nft backend (or not installed),
    1620 1622   * let's try iptables-legacy
    1621 1623   */
    1622 1624   if (ret < 0 || ret == 1) {
    1623  - memcpy(iptables_bin[ipv6], bins[ipv6][1], strlen(bins[ipv6][1]) + 1);
    1624  - ret = is_iptables_nft(iptables_bin[ipv6]);
     1625 + memcpy(iptables_bin[ipv6][restore], bins[ipv6][restore][1], strlen(bins[ipv6][restore][1]) + 1);
     1626 + ret = is_iptables_nft(iptables_bin[ipv6][restore]);
    1625 1627   if (ret < 0 || ret == 1) {
    1626  - iptables_present[ipv6] = -1;
     1628 + iptables_present[ipv6][restore] = -1;
    1627 1629   return NULL;
    1628 1630   }
    1629 1631   }
    1630 1632   
    1631 1633   /* we can come here with iptables-save or iptables-legacy-save */
    1632  - iptables_present[ipv6] = 1;
     1634 + iptables_present[ipv6][restore] = 1;
    1633 1635   
    1634  - return iptables_bin[ipv6];
     1636 + return iptables_bin[ipv6][restore];
    1635 1637  }
    1636 1638   
    1637 1639  /*
    skipped 452 lines
Please wait...
Page is in error, reload to recover