Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
utils: suppress errors on missing legacy iptables
When the legacy iptables backend is not installed, iptables-legacy-save
and ip6tables-legacy-save binary files are missing and this results in
the following error messages:
(00.062021) iptables has nft backend: iptables-save v1.8.8 (nf_tables)
Error (criu/util.c:626): execvp("iptables-legacy-save", ...) failed: No such file or directory
(00.062793) Error (criu/util.c:641): exited, status=1
(00.062800) Error (criu/util.c:1566): iptables-legacy-save -V failed
(00.069758) iptables has nft backend: ip6tables-save v1.8.8 (nf_tables)
Error (criu/util.c:626): execvp("ip6tables-legacy-save", ...) failed: No such file or directory
(00.070615) Error (criu/util.c:641): exited, status=1
(00.070624) Error (criu/util.c:1566): ip6tables-legacy-save -V failed
(00.070632) skipping iptables dump - no legacy version present
(00.070635) skipping ip6tables dump - no legacy version present
The error messages "No such file or directory" can be ignored.
This patch updates the get_legacy_iptables_bin() to check if the
/proc/net/ip(6)_tables_names file is empty before trying to run
iptables-legacy.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>- Loading branch information
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -1676,6 +1676,34 @@ static int is_iptables_nft(char *bin) | |
| return ret; | ||
| } | ||
|
|
||
|
|
||
|
Check warning on line 1679 in criu/util.c
|
||
| /** | ||
| * Check if the system is using legacy iptables. | ||
| * This function is similar to nft_check_xt_legacy(): | ||
| * https://git.netfilter.org/iptables/tree/iptables/nft-shared.c | ||
| * | ||
| * Return value: | ||
| * 1 legacy tables present | ||
| * 0 legacy tables not present | ||
| * -1 error | ||
| */ | ||
| int check_ipt_legacy(bool ipv6) | ||
| { | ||
| FILE *fp = NULL; | ||
| char buf[1024]; | ||
| const char tables[2][27] = {"/proc/net/ip_tables_names", "/proc/net/ip6_tables_names"}; | ||
|
Check warning on line 1694 in criu/util.c
|
||
| int exit_code = 0; | ||
|
|
||
| fp = fopen(tables[ipv6], "r"); | ||
| if (!fp) | ||
| return -1; | ||
|
|
||
| if (fgets(buf, sizeof(buf), fp)) | ||
| exit_code = 1; | ||
| fclose(fp); | ||
| return exit_code; | ||
| } | ||
|
|
||
| char *get_legacy_iptables_bin(bool ipv6, bool restore) | ||
| { | ||
| static char iptables_bin[2][2][32]; | ||
|
|
@@ -1704,8 +1732,11 @@ char *get_legacy_iptables_bin(bool ipv6, bool restore) | |
| * let's try iptables-legacy | ||
| */ | ||
| if (ret < 0 || ret == 1) { | ||
| if (check_ipt_legacy(ipv6) == 1) { | ||
| memcpy(iptables_bin[ipv6][restore], bins[ipv6][restore][1], strlen(bins[ipv6][restore][1]) + 1); | ||
| ret = is_iptables_nft(iptables_bin[ipv6][restore]); | ||
| } | ||
|
|
||
| if (ret < 0 || ret == 1) { | ||
| iptables_present[ipv6][restore] = -1; | ||
| return NULL; | ||
|
|
||
