[CRIU] [PATCH 0/10 v2] Dump and restore nested network namespaces

Andrei Vagin avagin at virtuozzo.com
Fri Dec 2 09:30:10 PST 2016 

On Fri, Nov 11, 2016 at 05:38:46PM -0800, Andrei Vagin wrote:
> ping

ping

> 
> On Fri, Oct 28, 2016 at 08:41:46PM +0300, Andrei Vagin wrote:
> > From: Andrei Vagin <avagin at virtuozzo.com>
> > 
> > This is an initial support for nested network namespaces.
> > 
> > It was implemented to handle systemd services with private networks:
> > 
> > """
> > When PrivateNetwork=yes is set in the [Service] section of a systemd service
> > unit file, the processes run for the service will run in a private network
> > namespace whith a private loopback network interface, and no other network
> > devices.
> > """
> > 
> > How it works:
> > * All network devices are restored in the root task.
> > * A process sets an required network namespace to restore a socket
> > * Processes sets their network namespaces after restoring all sockets (files)
> > 
> > Known issues:
> > * veth devices between network namespaces are not supported
> > 
> > v2: * fix commetns from Pavel
> >     * improve the test to check that all processes are not restored
> >       in one netns
> >     * drop patches with a new ioctl to get netns for unconnected and
> >       unbound sockets, because it is not in the upstream kernel.
> > 
> > Andrei Vagin (8):
> >   net: save network namespaces for sockets
> >   net: bind and listen a parasite socket for each network namespace
> >   net: allow to dump and restore more than one network namespace
> >   net: set a proper network namespace to create a socket
> >   net: rename pid into nsid for prepare_net_ns()
> >   files: split collect_fd on allocate_fd and handle_fd
> >   files: add a function to reopen fd as an unused fd
> >   zdtm: add a test for nested network namespaces
> > 
> >  criu/cr-restore.c               |  40 ++++++--
> >  criu/files.c                    |  82 ++++++++++++++--
> >  criu/include/files.h            |   3 +
> >  criu/include/libnetlink.h       |   5 +-
> >  criu/include/namespaces.h       |   4 +-
> >  criu/include/net.h              |   6 +-
> >  criu/include/parasite.h         |   2 +
> >  criu/include/sk-packet.h        |   2 +-
> >  criu/include/sockets.h          |  11 ++-
> >  criu/libnetlink.c               |  13 +--
> >  criu/namespaces.c               |   6 +-
> >  criu/net.c                      | 187 +++++++++++++++++++++++++++++++-----
> >  criu/parasite-syscall.c         |  22 +----
> >  criu/pstree.c                   |   4 +
> >  criu/sk-inet.c                  |  21 ++++-
> >  criu/sk-netlink.c               |  19 +++-
> >  criu/sk-packet.c                |  10 +-
> >  criu/sk-unix.c                  |  17 +++-
> >  criu/sockets.c                  |  70 ++++++++++----
> >  images/packet-sock.proto        |   1 +
> >  images/sk-inet.proto            |   1 +
> >  images/sk-netlink.proto         |   1 +
> >  images/sk-packet.proto          |   1 +
> >  images/sk-unix.proto            |   2 +
> >  test/zdtm/static/Makefile       |   1 +
> >  test/zdtm/static/netns_sub.c    | 203 ++++++++++++++++++++++++++++++++++++++++
> >  test/zdtm/static/netns_sub.desc |   1 +
> >  27 files changed, 630 insertions(+), 105 deletions(-)
> >  create mode 100644 test/zdtm/static/netns_sub.c
> >  create mode 100644 test/zdtm/static/netns_sub.desc
> > 
> > -- 
> > 2.7.4
> >

More information about the CRIU mailing list