[CRIU] [PATCH v3 05/11] gc: implement unlocking of tcp connections
Andrei Vagin
avagin at virtuozzo.com
Wed Aug 24 16:25:50 PDT 2016
On Wed, Aug 10, 2016 at 10:12:49PM +0300, Eugene Batalov wrote:
> The logic is the same as on criu restore.
>
> First we read ps tree dump to get information about all its
> tcp connections. If ps tree shares net ns with host then
> we simply run iptables to unlock all ps tree tcp connections.
> If ps tree has unshared net ns then we do nothing because we know
> that this net ns is already destroyed with its ps tree and all
> incoming ps tree TCP packets are just dropped (no destination tcp stack
> exists).
Off-topic: it would be good if criu created a separate table and
saved all iptables rules in it.
Something like this:
https://github.com/avagin/criu/commit/a3b3ae4e7db40f5b0d4456b27062484c9e27ad8a
The only problem is how to create a unique name for this table.
>
> Signed-off-by: Eugene Batalov <eabatalov89 at gmail.com>
> ---
> criu/cr-gc.c | 10 ++++++++++
> criu/include/net.h | 1 +
> criu/include/sk-inet.h | 2 +-
> criu/net.c | 12 ++++++++++++
> criu/sk-tcp.c | 9 ++++++---
> 5 files changed, 30 insertions(+), 4 deletions(-)
>
> diff --git a/criu/cr-gc.c b/criu/cr-gc.c
> index 2879365..4c8bea9 100644
> --- a/criu/cr-gc.c
> +++ b/criu/cr-gc.c
> @@ -10,6 +10,8 @@
> #include "cr_options.h"
> #include "namespaces.h"
> #include "util.h"
> +#include "sockets.h"
> +#include "net.h"
>
> static int gc_validate_opts(void)
> {
> @@ -80,6 +82,9 @@ static int gc_do(void)
> if (gc_link_remaps() < 0)
> return -1;
>
> + if (gc_network_unlock() < 0)
> + return -1;
> +
> return 0;
> }
>
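Review bot: A failure in `gc_link_remaps()` returns before the new `gc_network_unlock()` call is reached, so an unrelated link-remap error leaves the netfilter rules that block the dumped connections installed. The two cleanups look independent, so gc could attempt both and report a combined status: `if (gc_link_remaps() < 0) ret = -1;` and `if (gc_network_unlock() < 0) ret = -1;`, then `return ret;`. gc_do starts above this hunk, so any earlier steps may need the same treatment.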
> @@ -122,6 +127,11 @@ int cr_gc(void)
> goto exit;
> }
>
> + if (collect_inet_sockets()) {
> + ret = -1;
> + goto exit;
> + }
> +
> if (opts.show)
> ret = gc_show();
> else
> diff --git a/criu/include/net.h b/criu/include/net.h
> index ede380f..5e6260a 100644
> --- a/criu/include/net.h
> +++ b/criu/include/net.h
> @@ -19,6 +19,7 @@ extern int collect_net_namespaces(bool for_dump);
>
> extern int network_lock(void);
> extern void network_unlock(void);
> +extern int gc_network_unlock(void);
>
> extern struct ns_desc net_ns_desc;
>
> diff --git a/criu/include/sk-inet.h b/criu/include/sk-inet.h
> index 9d2bda6..c82ffd4 100644
> --- a/criu/include/sk-inet.h
> +++ b/criu/include/sk-inet.h
> @@ -65,7 +65,7 @@ static inline void tcp_repair_off(int fd)
> }
>
> extern void tcp_locked_conn_add(struct inet_sk_info *);
> -extern void rst_unlock_tcp_connections(void);
> +extern int rst_unlock_tcp_connections(void);
> extern void cpt_unlock_tcp_connections(void);
>
> extern int dump_one_tcp(int sk, struct inet_sk_desc *sd);
> diff --git a/criu/net.c b/criu/net.c
> index 080c617..754fbda 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -1618,6 +1618,18 @@ void network_unlock(void)
> }
> }
>
> +int gc_network_unlock(void)
> +{
> + /*
> + * Unshared ps tree net ns is destroyed after successful dump.
> + * No need to call network_unlock_internal.
> + * Also don't call ACT_NET_UNLOCK script because we don't
> + * resume/restore ps tree - this call would break
> + * ACT_NET_UNLOCK semantics.
> + */
> + return rst_unlock_tcp_connections();
> +}
> +
> int veth_pair_add(char *in, char *out)
> {
> char *aux;
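Review bot: `gc_network_unlock()` depends on state that this hunk neither sets nor documents. `rst_unlock_tcp_connections()` skips its work when `root_ns_mask & CLONE_NEWNET` is set and otherwise walks `rst_tcp_repair_sockets`, so both must be filled in from the images before gc gets here. If `root_ns_mask` were still zero on the gc path for an image taken in an unshared net ns, the iptables deletions would be issued in the host's net ns instead of being skipped. The comment should therefore state the precondition, e.g. `Caller must have collected namespaces and inet sockets from the images first.` The callee's own comment, `Network will be unlocked by network-unlock scripts`, also does not hold for gc, which according to this comment does not run ACT_NET_UNLOCK.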
> diff --git a/criu/sk-tcp.c b/criu/sk-tcp.c
> index 86534a4..0d8d86d 100644
> --- a/criu/sk-tcp.c
> +++ b/criu/sk-tcp.c
> @@ -785,16 +785,19 @@ void tcp_locked_conn_add(struct inet_sk_info *ii)
> ii->sk_fd = -1;
> }
>
> -void rst_unlock_tcp_connections(void)
> +int rst_unlock_tcp_connections(void)
> {
> struct inet_sk_info *ii;
>
> /* Network will be unlocked by network-unlock scripts */
> if (root_ns_mask & CLONE_NEWNET)
> - return;
> + return 0;
>
> list_for_each_entry(ii, &rst_tcp_repair_sockets, rlist)
> - nf_unlock_connection_info(ii);
> + if (nf_unlock_connection_info(ii))
> + return -1;
> +
> + return 0;
> }
>
> int check_tcp(void)
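Review bot: The loop in `rst_unlock_tcp_connections()` now stops at the first `nf_unlock_connection_info()` failure, so every connection later in `rst_tcp_repair_sockets` keeps its blocking rule; before this change each entry was attempted. The function is presumably still used on the restore path, whose callers are outside this hunk, and any caller that ignores the new return value would leave those rules behind silently. Prefer to keep iterating and report the failure at the end: declare `int ret = 0;`, use `if (nf_unlock_connection_info(ii)) ret = -1;` in the loop, and finish with `return ret;`. Braces around the `list_for_each_entry` body would also make the nested `if` harder to misread.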
> --
> 1.9.1
>