[CRIU] [PATCH cr 6/9] cd-dump: lock connection with iptables rules
only in a current netns
Andrey Vagin
avagin at openvz.org
Mon Sep 17 03:50:11 EDT 2012
For another netns we don't need to lock separate connections,
an external chanel can be locked.
Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
sk-tcp.c | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/sk-tcp.c b/sk-tcp.c
index 1bab1c2..ec3f6b8 100644
--- a/sk-tcp.c
+++ b/sk-tcp.c
@@ -68,9 +68,11 @@ static int tcp_repair_establised(int fd, struct inet_sk_desc *sk)
goto err1;
}
- ret = nf_lock_connection(sk);
- if (ret < 0)
- goto err2;
+ if (!(opts.namespaces_flags & CLONE_NEWNET)) {
+ ret = nf_lock_connection(sk);
+ if (ret < 0)
+ goto err2;
+ }
ret = tcp_repair_on(sk->rfd);
if (ret < 0)
@@ -80,7 +82,8 @@ static int tcp_repair_establised(int fd, struct inet_sk_desc *sk)
return 0;
err3:
- nf_unlock_connection(sk);
+ if (!(opts.namespaces_flags & CLONE_NEWNET))
+ nf_unlock_connection(sk);
err2:
close(sk->rfd);
err1:
--
1.7.1
More information about the CRIU
mailing list