[CRIU] [PATCH] tcp: disable repair mode for sockets on rollback

Thu Oct 31 06:35:06 PDT 2013

On 10/30/2013 11:49 PM, Andrey Vagin wrote:
> Currently if a network namespace is dumped and something fails, sockets
> remain in repair mode. It's because cpt_unlock_tcp_connections is
> executed only if network namespace is not dumped.
> 
> cpt_unlock_tcp_connections disables repair mode for sockets and drops
> netfilters. netfilters are not used in case of network namespaces.
> 
> Signed-off-by: Andrey Vagin <avagin at openvz.org>
> ---
>  net.c    |  9 ++-------
>  sk-tcp.c | 11 ++++++++---
>  2 files changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/net.c b/net.c
> index 096c1bc..8c16a80 100644
> --- a/net.c
> +++ b/net.c
> @@ -585,13 +585,8 @@ void network_unlock(void)
>  {
>  	pr_info("Unlock network\n");
>  
> -	if  (!(current_ns_mask & CLONE_NEWNET)) {
> -		cpt_unlock_tcp_connections();
> -		rst_unlock_tcp_connections();
> -
> -		return;
> -	}
> -
> +	cpt_unlock_tcp_connections();
> +	rst_unlock_tcp_connections();
>  	run_scripts("network-unlock");

You break logic here. The network-lock script was not called.
And comments why in each place we do or do not lock/unlock in this way.

>  }
>  
> diff --git a/sk-tcp.c b/sk-tcp.c
> index ca07eaf..7c53789 100644
> --- a/sk-tcp.c
> +++ b/sk-tcp.c
> @@ -154,9 +154,11 @@ static void tcp_unlock_one(struct inet_sk_desc *sk)
>  
>  	list_del(&sk->rlist);
>  
> -	ret = nf_unlock_connection(sk);
> -	if (ret < 0)
> -		pr_perror("Failed to unlock TCP connection");
> +	if (!(current_ns_mask & CLONE_NEWNET)) {
> +		ret = nf_unlock_connection(sk);
> +		if (ret < 0)
> +			pr_perror("Failed to unlock TCP connection");
> +	}
>  
>  	tcp_repair_off(sk->rfd);
>  
> @@ -648,6 +650,9 @@ void rst_unlock_tcp_connections(void)
>  {
>  	struct inet_sk_info *ii;
>  
> +	if (current_ns_mask & CLONE_NEWNET)
> +		return;
> +
>  	list_for_each_entry(ii, &rst_tcp_repair_sockets, rlist)
>  		nf_unlock_connection_info(ii);
>  }
> 