net: dump iptables for ipv6 (v2)

v2: don't dump iptables if ipv6 isn't supported Signed-off-by: Andrew Vagin <avagin@virtuozzo.com> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

net: dump iptables for ipv6 (v2)
v2: don't dump iptables if ipv6 isn't supported Signed-off-by: Andrew Vagin <avagin@virtuozzo.com> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
1e8a0594 · Andrew Vagin · Pavel Emelyanov · 1648db97 · 1e8a0594 · 1e8a0594
Commit 1e8a0594 authored Nov 17, 2015 by Andrew Vagin Committed by Pavel Emelyanov Nov 19, 2015
Show whitespace changes
Inline Side-by-side

Showing with 28 additions and 2 deletions

image-desc.c image-desc.c +1 -0

image-desc.h include/image-desc.h +1 -0

magic.h include/magic.h +1 -0

net.c net.c +25 -2

No files found.
--- a/image-desc.c
+++ b/image-desc.c
@@ -76,6 +76,7 @@ struct cr_fd_desc_tmpl imgset_template[CR_FD_MAX] = {
 	FD_ENTRY_F(ROUTE6,	"route6-%d", O_NOBUF),
 	FD_ENTRY_F(RULE,	"rule-%d", O_NOBUF),
 	FD_ENTRY_F(IPTABLES,	"iptables-%d", O_NOBUF),
+	FD_ENTRY_F(IP6TABLES,	"ip6tables-%d", O_NOBUF),
 	FD_ENTRY_F(TMPFS_IMG,	"tmpfs-%d.tar.gz", O_NOBUF),
 	FD_ENTRY_F(TMPFS_DEV,	"tmpfs-dev-%d.tar.gz", O_NOBUF),
 	FD_ENTRY(TTY_FILES,	"tty"),

--- a/include/image-desc.h
+++ b/include/image-desc.h
@@ -42,6 +42,7 @@ enum {
 	CR_FD_ROUTE6,
 	CR_FD_RULE,
 	CR_FD_IPTABLES,
+	CR_FD_IP6TABLES,
 	CR_FD_NETNS,
 	_CR_FD_NETNS_TO,


--- a/include/magic.h
+++ b/include/magic.h
@@ -98,6 +98,7 @@
 #define TMPFS_IMG_MAGIC		RAW_IMAGE_MAGIC
 #define TMPFS_DEV_MAGIC		RAW_IMAGE_MAGIC
 #define IPTABLES_MAGIC		RAW_IMAGE_MAGIC
+#define IP6TABLES_MAGIC		RAW_IMAGE_MAGIC

 #define PAGES_OLD_MAGIC		PAGEMAP_MAGIC
 #define SHM_PAGES_OLD_MAGIC	PAGEMAP_MAGIC

--- a/net.c
+++ b/net.c
@@ -676,8 +676,19 @@ static inline int dump_rule(struct cr_imgset *fds)

 static inline int dump_iptables(struct cr_imgset *fds)
 {
-	struct cr_img *img = img_from_set(fds, CR_FD_IPTABLES);
-	return run_iptables_tool("iptables-save", -1, img_raw_fd(img));
+	struct cr_img *img;
+
+	img = img_from_set(fds, CR_FD_IPTABLES);
+	if (run_iptables_tool("iptables-save", -1, img_raw_fd(img)))
+		return -1;
+
+	if (kdat.ipv6) {
+		img = img_from_set(fds, CR_FD_IP6TABLES);
+		if (run_iptables_tool("ip6tables-save", -1, img_raw_fd(img)))
+			return -1;
+	}
+
+	return 0;
 }

 static int dump_netns_conf(struct cr_imgset *fds)
@@ -783,6 +794,18 @@ static inline int restore_iptables(int pid)
 		ret = run_iptables_tool("iptables-restore", img_raw_fd(img), -1);
 		close_image(img);
 	}
+	if (ret)
+		return ret;
+
+	img = open_image(CR_FD_IP6TABLES, O_RSTR, pid);
+	if (img == NULL)
+		return -1;
+	if (empty_image(img))
+		goto out;
+
+	ret = run_iptables_tool("ip6tables-restore", img_raw_fd(img), -1);
+out:
+	close_image(img);

 	return ret;
 }