[CRIU] [PATCH] tcp: disable repair mode for sockets on rollback (v2)
Andrey Vagin
avagin at openvz.org
Thu Oct 31 08:39:50 PDT 2013
Currently if a network namespace is dumped and something fails, sockets
remain in repair mode. It's because cpt_unlock_tcp_connections is
executed only if network namespace is not dumped.
cpt_unlock_tcp_connections disables repair mode for sockets and drops
netfilters. netfilters are not used in case of network namespaces.
v2: don't execute network-unlock scripts, if network namespace are not
dumped.
Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
net.c | 11 ++++-------
sk-tcp.c | 12 +++++++++---
2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/net.c b/net.c
index 096c1bc..6037ff6 100644
--- a/net.c
+++ b/net.c
@@ -585,14 +585,11 @@ void network_unlock(void)
{
pr_info("Unlock network\n");
- if (!(current_ns_mask & CLONE_NEWNET)) {
- cpt_unlock_tcp_connections();
- rst_unlock_tcp_connections();
+ cpt_unlock_tcp_connections();
+ rst_unlock_tcp_connections();
- return;
- }
-
- run_scripts("network-unlock");
+ if (current_ns_mask & CLONE_NEWNET)
+ run_scripts("network-unlock");
}
struct ns_desc net_ns_desc = NS_DESC_ENTRY(CLONE_NEWNET, "net");
diff --git a/sk-tcp.c b/sk-tcp.c
index ca07eaf..8136aec 100644
--- a/sk-tcp.c
+++ b/sk-tcp.c
@@ -154,9 +154,11 @@ static void tcp_unlock_one(struct inet_sk_desc *sk)
list_del(&sk->rlist);
- ret = nf_unlock_connection(sk);
- if (ret < 0)
- pr_perror("Failed to unlock TCP connection");
+ if (!(current_ns_mask & CLONE_NEWNET)) {
+ ret = nf_unlock_connection(sk);
+ if (ret < 0)
+ pr_perror("Failed to unlock TCP connection");
+ }
tcp_repair_off(sk->rfd);
@@ -648,6 +650,10 @@ void rst_unlock_tcp_connections(void)
{
struct inet_sk_info *ii;
+ /* Network will be unlocked by network-unlock scripts */
+ if (current_ns_mask & CLONE_NEWNET)
+ return;
+
list_for_each_entry(ii, &rst_tcp_repair_sockets, rlist)
nf_unlock_connection_info(ii);
}
--
1.8.3.1
More information about the CRIU
mailing list