[CRIU] [PATCH] tcp: disable repair mode for sockets on rollback

[Andrey Vagin]

Currently if a network namespace is dumped and something fails, sockets
remain in repair mode. It's because cpt_unlock_tcp_connections is
executed only if network namespace is not dumped.

cpt_unlock_tcp_connections disables repair mode for sockets and drops
netfilters. netfilters are not used in case of network namespaces.

Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
 net.c    |  9 ++-------
 sk-tcp.c | 11 ++++++++---
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/net.c b/net.c
index 096c1bc..8c16a80 100644
--- a/net.c
+++ b/net.c
@@ -585,13 +585,8 @@ void network_unlock(void)
 {
 	pr_info("Unlock network\n");
 
-	if  (!(current_ns_mask & CLONE_NEWNET)) {
-		cpt_unlock_tcp_connections();
-		rst_unlock_tcp_connections();
-
-		return;
-	}
-
+	cpt_unlock_tcp_connections();
+	rst_unlock_tcp_connections();
 	run_scripts("network-unlock");
 }
 
diff --git a/sk-tcp.c b/sk-tcp.c
index ca07eaf..7c53789 100644
--- a/sk-tcp.c
+++ b/sk-tcp.c
@@ -154,9 +154,11 @@ static void tcp_unlock_one(struct inet_sk_desc *sk)
 
 	list_del(&sk->rlist);
 
-	ret = nf_unlock_connection(sk);
-	if (ret < 0)
-		pr_perror("Failed to unlock TCP connection");
+	if (!(current_ns_mask & CLONE_NEWNET)) {
+		ret = nf_unlock_connection(sk);
+		if (ret < 0)
+			pr_perror("Failed to unlock TCP connection");
+	}
 
 	tcp_repair_off(sk->rfd);
 
@@ -648,6 +650,9 @@ void rst_unlock_tcp_connections(void)
 {
 	struct inet_sk_info *ii;
 
+	if (current_ns_mask & CLONE_NEWNET)
+		return;
+
 	list_for_each_entry(ii, &rst_tcp_repair_sockets, rlist)
 		nf_unlock_connection_info(ii);
 }
-- 
1.8.3.1