[CRIU] [PATCH 0/10 v2] Dump and restore nested network namespaces
Pavel Emelyanov
xemul at virtuozzo.com
Mon Dec 5 01:46:00 PST 2016
On 12/02/2016 08:30 PM, Andrei Vagin wrote:
> On Fri, Nov 11, 2016 at 05:38:46PM -0800, Andrei Vagin wrote:
>> ping
>
> ping
I remember that :) May I ask you for (yet another) timeout for this set as
it conflicts with Kirill's rework of fdinfo engine which I'd like to have
first (as it blocks unix-sender-restore and c/r-scms patchsets)?
-- Pavel
>>
>> On Fri, Oct 28, 2016 at 08:41:46PM +0300, Andrei Vagin wrote:
>>> From: Andrei Vagin <avagin at virtuozzo.com>
>>>
>>> This is an initial support for nested network namespaces.
>>>
>>> It was implemented to handle systemd services with private networks:
>>>
>>> """
>>> When PrivateNetwork=yes is set in the [Service] section of a systemd service
>>> unit file, the processes run for the service will run in a private network
>>> namespace with a private loopback network interface, and no other network
>>> devices.
>>> """
>>>
>>> How it works:
>>> * All network devices are restored in the root task.
>>> * A process sets a required network namespace to restore a socket
>>> * Processes set their network namespaces after restoring all sockets (files)
>>>
>>> Known issues:
>>> * veth devices between network namespaces are not supported
>>>
>>> v2: * fix comments from Pavel
>>> * improve the test to check that all processes are not restored
>>> in one netns
>>> * drop patches with a new ioctl to get netns for unconnected and
>>> unbound sockets, because it is not in the upstream kernel.
>>>
>>> Andrei Vagin (8):
>>> net: save network namespaces for sockets
>>> net: bind and listen a parasite socket for each network namespace
>>> net: allow to dump and restore more than one network namespace
>>> net: set a proper network namespace to create a socket
>>> net: rename pid into nsid for prepare_net_ns()
>>> files: split collect_fd on allocate_fd and handle_fd
>>> files: add a function to reopen fd as an unused fd
>>> zdtm: add a test for nested network namespaces
>>>
>>> criu/cr-restore.c | 40 ++++++--
>>> criu/files.c | 82 ++++++++++++++--
>>> criu/include/files.h | 3 +
>>> criu/include/libnetlink.h | 5 +-
>>> criu/include/namespaces.h | 4 +-
>>> criu/include/net.h | 6 +-
>>> criu/include/parasite.h | 2 +
>>> criu/include/sk-packet.h | 2 +-
>>> criu/include/sockets.h | 11 ++-
>>> criu/libnetlink.c | 13 +--
>>> criu/namespaces.c | 6 +-
>>> criu/net.c | 187 +++++++++++++++++++++++++++++++-----
>>> criu/parasite-syscall.c | 22 +----
>>> criu/pstree.c | 4 +
>>> criu/sk-inet.c | 21 ++++-
>>> criu/sk-netlink.c | 19 +++-
>>> criu/sk-packet.c | 10 +-
>>> criu/sk-unix.c | 17 +++-
>>> criu/sockets.c | 70 ++++++++++----
>>> images/packet-sock.proto | 1 +
>>> images/sk-inet.proto | 1 +
>>> images/sk-netlink.proto | 1 +
>>> images/sk-packet.proto | 1 +
>>> images/sk-unix.proto | 2 +
>>> test/zdtm/static/Makefile | 1 +
>>> test/zdtm/static/netns_sub.c | 203 ++++++++++++++++++++++++++++++++++++++++
>>> test/zdtm/static/netns_sub.desc | 1 +
>>> 27 files changed, 630 insertions(+), 105 deletions(-)
>>> create mode 100644 test/zdtm/static/netns_sub.c
>>> create mode 100644 test/zdtm/static/netns_sub.desc
>>>
>>> --
>>> 2.7.4
>>>
> .
>
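The "How it works" steps in the quoted cover letter rest on one primitive: a task enters a network namespace just long enough to create a socket, then switches back. The sketch below is an added example, not code from the CRIU patch set; `socket_in_netns`, `demo_nested_netns`, `ns_ino` and `CUR_NETNS` are hypothetical names, and the `SIOCGSKNS` ioctl (Linux 4.10 and later) is used only to check which namespace the socket ended up in.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef SIOCGSKNS
#define SIOCGSKNS 0x894C /* Linux 4.10 and later: fd for a socket's netns */
#endif
#define CUR_NETNS() open("/proc/self/ns/net", O_RDONLY | O_CLOEXEC)

/* Hypothetical helper: create a socket in the netns behind ns_fd, then
 * return to the caller's netns. Returns the socket fd or -1. */
int socket_in_netns(int ns_fd, int domain, int type, int proto)
{
	int sk = -1, orig = CUR_NETNS();
	if (orig < 0)
		return -1;
	if (setns(ns_fd, CLONE_NEWNET) == 0) {
		sk = socket(domain, type, proto);
		/* Never continue in the wrong netns if switching back fails */
		if (setns(orig, CLONE_NEWNET) != 0)
			_exit(1);
	}
	close(orig);
	return sk;
}

static ino_t ns_ino(int fd)
{
	struct stat st;
	return fstat(fd, &st) ? 0 : st.st_ino;
}

/* 1: socket is in netns A and the task is still in B; 0: mismatch; -1: no netns here */
int demo_nested_netns(void)
{
	int a, b, sk, sk_ns;
	/* CLONE_NEWUSER is tried first only so the demo can run without root */
	if ((unshare(CLONE_NEWUSER | CLONE_NEWNET) && unshare(CLONE_NEWNET)) ||
	    (a = CUR_NETNS()) < 0 || unshare(CLONE_NEWNET) || (b = CUR_NETNS()) < 0)
		return -1;
	sk = socket_in_netns(a, AF_INET, SOCK_DGRAM, 0);
	if (sk < 0 || (sk_ns = ioctl(sk, SIOCGSKNS)) < 0)
		return -1;
	return ns_ino(sk_ns) == ns_ino(a) && ns_ino(CUR_NETNS()) == ns_ino(b);
}

int main(void) { return demo_nested_netns() == 1 ? 0 : 1; }
```

A socket keeps the namespace it was created in, which is why the task can return to its own namespace immediately and still hold a socket that belongs to the other one.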