cr-service: add network_lock option to RPC and libcriu

v2: run make indent Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
2026-01-23 02:14:37 +00:00 · 2021-06-12 20:45:03 +02:00 · 2021-06-12 20:45:03 +02:00 · b85fad797c
commit b85fad797c
parent 2e30db5c3d
4 changed files with 41 additions and 0 deletions
--- a/criu/cr-service.c
+++ b/criu/cr-service.c
@ -502,6 +502,19 @@ static int setup_opts_from_req(int sk, CriuOpts *req)
 		}
 	}

+	if (req->has_network_lock) {
+		switch (req->network_lock) {
+		case CRIU_NETWORK_LOCK_METHOD__IPTABLES:
+			opts.network_lock_method = NETWORK_LOCK_IPTABLES;
+			break;
+		case CRIU_NETWORK_LOCK_METHOD__NFTABLES:
+			opts.network_lock_method = NETWORK_LOCK_NFTABLES;
+			break;
+		default:
+			goto err;
+		}
+	}
+
 	if (req->ps) {
 		opts.port = (short)req->ps->port;

--- a/images/rpc.proto
+++ b/images/rpc.proto
@ -49,6 +49,11 @@ enum criu_cg_mode {
 	DEFAULT = 6;
 };

+enum criu_network_lock_method {
+	IPTABLES = 	1;
+	NFTABLES = 	2;
+};
+
 enum criu_pre_dump_mode {
 	SPLICE = 	1;
 	VM_READ =	2;
@ -131,6 +136,7 @@ message criu_opts {
 	optional criu_pre_dump_mode	pre_dump_mode		= 61 [default = SPLICE];
 	optional int32			pidfd_store_sk		= 62;
 	optional string			lsm_mount_context	= 63;
+	optional criu_network_lock_method	network_lock		= 64 [default = IPTABLES];
 /*	optional bool			check_mounts		= 128;	*/
 }

--- a/lib/c/criu.c
+++ b/lib/c/criu.c
@ -1789,3 +1789,18 @@ void criu_set_pidfd_store_sk(int sk)
 {
 	criu_local_set_pidfd_store_sk(global_opts, sk);
 }
+
+int criu_local_set_network_lock(criu_opts *opts, enum criu_network_lock_method method)
+{
+	opts->rpc->has_network_lock = true;
+	if (method == CRIU_NETWORK_LOCK_IPTABLES || method == CRIU_NETWORK_LOCK_NFTABLES) {
+		opts->rpc->network_lock = (CriuNetworkLockMethod)method;
+		return 0;
+	}
+	return -1;
+}
+
+int criu_set_network_lock(enum criu_network_lock_method method)
+{
+	return criu_local_set_network_lock(global_opts, method);
+}
--- a/lib/c/criu.h
+++ b/lib/c/criu.h
@ -40,6 +40,11 @@ enum criu_cg_mode {
 	CRIU_CG_MODE_DEFAULT,
 };

+enum criu_network_lock_method {
+	CRIU_NETWORK_LOCK_IPTABLES = 1,
+	CRIU_NETWORK_LOCK_NFTABLES = 2,
+};
+
 enum criu_pre_dump_mode { CRIU_PRE_DUMP_SPLICE = 1, CRIU_PRE_DUMP_READ = 2 };

 int criu_set_service_address(const char *path);
@ -97,6 +102,7 @@ int criu_add_external(const char *key);
 int criu_set_page_server_address_port(const char *address, int port);
 int criu_set_pre_dump_mode(enum criu_pre_dump_mode mode);
 void criu_set_pidfd_store_sk(int sk);
+int criu_set_network_lock(enum criu_network_lock_method method);

 /*
 * The criu_notify_arg_t na argument is an opaque
@ -256,6 +262,7 @@ int criu_local_add_external(criu_opts *opts, const char *key);
 int criu_local_set_page_server_address_port(criu_opts *opts, const char *address, int port);
 int criu_local_set_pre_dump_mode(criu_opts *opts, enum criu_pre_dump_mode mode);
 void criu_local_set_pidfd_store_sk(criu_opts *opts, int sk);
+int criu_local_set_network_lock(criu_opts *opts, enum criu_network_lock_method method);

 void criu_local_set_notify_cb(criu_opts *opts, int (*cb)(char *action, criu_notify_arg_t na));