[CRIU] [PATCH cr 06/10] cd-dump: lock connection with iptables
rules only in a current netns
Andrey Vagin
avagin at openvz.org
Thu Sep 13 09:10:26 EDT 2012
For another netns we don't need to lock separate connections,
an external chanel can be locked.
Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
sk-tcp.c | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/sk-tcp.c b/sk-tcp.c
index 65c0e21..ec4582e 100644
--- a/sk-tcp.c
+++ b/sk-tcp.c
@@ -66,9 +66,11 @@ static int tcp_repair_establised(int fd, struct inet_sk_desc *sk)
goto err1;
}
- ret = nf_lock_connection(sk);
- if (ret < 0)
- goto err2;
+ if (!(opts.namespaces_flags & CLONE_NEWNET)) {
+ ret = nf_lock_connection(sk);
+ if (ret < 0)
+ goto err2;
+ }
ret = tcp_repair_on(sk->rfd);
if (ret < 0)
@@ -78,7 +80,8 @@ static int tcp_repair_establised(int fd, struct inet_sk_desc *sk)
return 0;
err3:
- nf_unlock_connection(sk);
+ if (!(opts.namespaces_flags & CLONE_NEWNET))
+ nf_unlock_connection(sk);
err2:
close(sk->rfd);
err1:
--
1.7.1
More information about the CRIU
mailing list