Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net: redirect nftables stdout and stderr to CRIU's log file #2549

Merged
merged 2 commits into from
Jan 17, 2025
Merged

net: redirect nftables stdout and stderr to CRIU's log file #2549

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0a17c41
util: added cleanup_file attribute.
adrianreber Jan 16, 2025
1ed4109
net: redirect nftables stdout and stderr to CRIU's log file
adrianreber Dec 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions criu/include/util.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -406,6 +406,14 @@ static inline void cleanup_freep(void *p)
free(*pp);
}

#define cleanup_file __attribute__((cleanup(cleanup_filep)))
static inline void cleanup_filep(FILE **f)
{
FILE *file = *f;
if (file)
(void)fclose(file);
}

extern int run_command(char *buf, size_t buf_size, int (*child_fn)(void *), void *args);

/*
Expand Down
43 changes: 43 additions & 0 deletions criu/net.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3066,9 +3066,43 @@ static int iptables_restore(bool ipv6, char *buf, int size)
return ret;
}

#if defined(CONFIG_HAS_NFTABLES_LIB_API_0) || defined(CONFIG_HAS_NFTABLES_LIB_API_1)
static inline FILE *redirect_nftables_output(struct nft_ctx *nft)
{
FILE *fp;
int fd;

fd = dup(log_get_fd());
if (fd < 0) {
pr_perror("dup() to redirect nftables output failed");
return NULL;
}

fp = fdopen(fd, "w");
if (!fp) {
pr_perror("fdopen() to redirect nftables output failed");
return NULL;
}

/**
* Without setvbuf() the output from libnftables will be
* somewhere in the log file, probably at the end.
* With setvbuf() potential output will be at the correct
* position.
*/
setvbuf(fp, NULL, _IONBF, 0);

nft_ctx_set_output(nft, fp);
nft_ctx_set_error(nft, fp);

return fp;
}
#endif

static inline int nftables_lock_network_internal(void)
{
#if defined(CONFIG_HAS_NFTABLES_LIB_API_0) || defined(CONFIG_HAS_NFTABLES_LIB_API_1)
cleanup_file FILE *fp = NULL;
struct nft_ctx *nft;
int ret = 0;
char table[32];
Expand All @@ -3081,6 +3115,10 @@ static inline int nftables_lock_network_internal(void)
if (!nft)
return -1;

fp = redirect_nftables_output(nft);
if (!fp)
goto out;

snprintf(buf, sizeof(buf), "create table %s", table);
if (NFT_RUN_CMD(nft, buf))
goto err2;
Expand Down Expand Up @@ -3168,6 +3206,7 @@ static inline int nftables_network_unlock(void)
{
#if defined(CONFIG_HAS_NFTABLES_LIB_API_0) || defined(CONFIG_HAS_NFTABLES_LIB_API_1)
int ret = 0;
cleanup_file FILE *fp = NULL;
struct nft_ctx *nft;
char table[32];
char buf[128];
Expand All @@ -3179,6 +3218,10 @@ static inline int nftables_network_unlock(void)
if (!nft)
return -1;

fp = redirect_nftables_output(nft);
if (!fp)
return -1;

snprintf(buf, sizeof(buf), "delete table %s", table);
if (NFT_RUN_CMD(nft, buf))
ret = -1;
Expand Down
Loading