net: Add ip rule save/restore

Add support for save and restore of ip rules. It uses new functionality of iproute which is already in iproute git: http://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=2f4e171f7df22107b38fddcffa56c1ecb5e73359 v2: Use xstrdup() instead of strdup(). v3: Use open/close instead of helper. v4: Return -1 on empty dump. Signed-off-by: Kirill Tkhai <ktkhai@odin.com> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

net: Add ip rule save/restore
Add support for save and restore of ip rules. It uses new functionality of iproute which is already in iproute git: http://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=2f4e171f7df22107b38fddcffa56c1ecb5e73359 v2: Use xstrdup() instead of strdup(). v3: Use open/close instead of helper. v4: Return -1 on empty dump. Signed-off-by: Kirill Tkhai <ktkhai@odin.com> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
c9afd17a · Kirill Tkhai · Pavel Emelyanov · c51cdedc · c9afd17a · c9afd17a
Commit c9afd17a authored Oct 23, 2015 by Kirill Tkhai Committed by Pavel Emelyanov Oct 27, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 0 deletions

image-desc.c image-desc.c +1 -0

image-desc.h include/image-desc.h +1 -0

magic.h include/magic.h +1 -0

net.c net.c +53 -0

No files found.
--- a/image-desc.c
+++ b/image-desc.c
@@ -74,6 +74,7 @@ struct cr_fd_desc_tmpl imgset_template[CR_FD_MAX] = {
 	FD_ENTRY_F(IFADDR,	"ifaddr-%d", O_NOBUF),
 	FD_ENTRY_F(ROUTE,	"route-%d", O_NOBUF),
 	FD_ENTRY_F(ROUTE6,	"route6-%d", O_NOBUF),
+	FD_ENTRY_F(RULE,	"rule-%d", O_NOBUF),
 	FD_ENTRY_F(IPTABLES,	"iptables-%d", O_NOBUF),
 	FD_ENTRY_F(TMPFS_IMG,	"tmpfs-%d.tar.gz", O_NOBUF),
 	FD_ENTRY_F(TMPFS_DEV,	"tmpfs-dev-%d.tar.gz", O_NOBUF),

--- a/include/image-desc.h
+++ b/include/image-desc.h
@@ -40,6 +40,7 @@ enum {
 	CR_FD_IFADDR,
 	CR_FD_ROUTE,
 	CR_FD_ROUTE6,
+	CR_FD_RULE,
 	CR_FD_IPTABLES,
 	CR_FD_NETNS,
 	_CR_FD_NETNS_TO,

--- a/include/magic.h
+++ b/include/magic.h
@@ -93,6 +93,7 @@
 #define IFADDR_MAGIC		RAW_IMAGE_MAGIC
 #define ROUTE_MAGIC		RAW_IMAGE_MAGIC
 #define ROUTE6_MAGIC		RAW_IMAGE_MAGIC
+#define RULE_MAGIC		RAW_IMAGE_MAGIC
 #define TMPFS_IMG_MAGIC		RAW_IMAGE_MAGIC
 #define TMPFS_DEV_MAGIC		RAW_IMAGE_MAGIC
 #define IPTABLES_MAGIC		RAW_IMAGE_MAGIC

--- a/net.c
+++ b/net.c
@@ -600,6 +600,27 @@ static inline int dump_route(struct cr_imgset *fds)
 	return 0;
 }

+static inline int dump_rule(struct cr_imgset *fds)
+{
+	struct cr_img *img;
+	char *path;
+
+	img = img_from_set(fds, CR_FD_RULE);
+	path = xstrdup(img->path);
+
+	if (!path)
+		return -1;
+
+	if (run_ip_tool("rule", "save", NULL, -1, img_raw_fd(img))) {
+		pr_err("Check if \"ip rule save\" is supported!\n");
+		unlinkat(get_service_fd(IMG_FD_OFF), path, 0);
+	}
+
+	free(path);
+
+	return 0;
+}
+
 static inline int dump_iptables(struct cr_imgset *fds)
 {
 	struct cr_img *img = img_from_set(fds, CR_FD_IPTABLES);
@@ -669,6 +690,34 @@ static inline int restore_route(int pid)
 	return 0;
 }

+static inline int restore_rule(int pid)
+{
+	struct cr_img *img;
+	int ret = 0;
+
+	img = open_image(CR_FD_RULE, O_RSTR, pid);
+	if (!img)
+		goto out;
+	if (empty_image(img)) {
+		ret = -1;
+		goto close;
+	}
+	/*
+	 * Delete 3 default rules to prevent duplicates. See kernel's
+	 * function fib_default_rules_init() for the details.
+	 */
+	run_ip_tool("rule", "delete", NULL, -1, -1);
+	run_ip_tool("rule", "delete", NULL, -1, -1);
+	run_ip_tool("rule", "delete", NULL, -1, -1);
+
+	if (restore_ip_dump(CR_FD_RULE, pid, "rule"))
+		ret = -1;
+close:
+	close_image(img);
+out:
+	return ret;
+}
+
 static inline int restore_iptables(int pid)
 {
 	int ret = -1;
@@ -770,6 +819,8 @@ int dump_net_ns(int ns_id)
 		ret = dump_ifaddr(fds);
 	if (!ret)
 		ret = dump_route(fds);
+	if (!ret)
+		ret = dump_rule(fds);
 	if (!ret)
 		ret = dump_iptables(fds);

@@ -795,6 +846,8 @@ int prepare_net_ns(int pid)
 		ret = restore_ifaddr(pid);
 	if (!ret)
 		ret = restore_route(pid);
+	if (!ret)
+		ret = restore_rule(pid);
 	if (!ret)
 		ret = restore_iptables(pid);