net: use legacy iptables for network locking

Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
checkpoint-restore · Jan 1, 2024 · 73ceefd · 73ceefd
1 parent 5670b48
commit 73ceefd
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/criu/net.c b/criu/net.c
@@ -3031,10 +3031,16 @@ int netns_keep_nsfd(void)
 static int iptables_restore(bool ipv6, char *buf, int size)
 {
 	int pfd[2], ret = -1;
-	char *cmd4[] = { "iptables-restore", "-w", "--noflush", NULL };
-	char *cmd6[] = { "ip6tables-restore", "-w", "--noflush", NULL };
+	char *ipt_legacy_bin = get_legacy_iptables_bin(ipv6, true);
+	char *cmd4[] = { ipt_legacy_bin, "-w", "--noflush", NULL };
+	char *cmd6[] = { ipt_legacy_bin, "-w", "--noflush", NULL };
 	char **cmd = ipv6 ? cmd6 : cmd4;
 
+	if (!ipt_legacy_bin) {
+		pr_warn("Couldn't find iptables version which is using iptables legacy API\n");
+		return -1;
+	}
+
 	if (pipe(pfd) < 0) {
 		pr_perror("Unable to create pipe");
 		return -1;

diff --git a/scripts/build/Dockerfile.alpine b/scripts/build/Dockerfile.alpine
@@ -33,6 +33,7 @@ RUN make mrproper && date && make -j $(nproc) CC="$CC" && date
 RUN apk add \
 	ip6tables \
 	iptables \
+	iptables-legacy \
 	nftables \
 	iproute2 \
 	tar \