[CRIU] criu and runc

Andrei Vagin avagin at virtuozzo.com
Wed Dec 7 09:40:10 PST 2016 

On Wed, Dec 07, 2016 at 10:19:21AM +0100, Adrian Reber wrote:
> On Wed, Dec 07, 2016 at 12:29:43AM -0800, Andrei Vagin wrote:
> > On Tue, Dec 06, 2016 at 04:55:12PM +0100, Adrian Reber wrote:
> > > I tried to checkpoint and restore a runc container with today's git
> > > checkout. It works, but tcp-established is not really working.
> > > 
> > > I have container with a httpd running inside and I and connect to it
> > > using 'telnet rhel0x 80' to keep the connection established.
> > > 
> > > I then do 'runc checkpoint rhel7-httpd --tcp-established' and 'runc
> > > restore -d rhel7-httpd --tcp-established'. Both commands are working.
> > 
> > Does the container have its own network namespace? What network
> > configuration is used for this container?
> 
> Host network. I am using 'oci-runtime-tool generate --network host' to
> generate the config and the namespace configuration looks like this:
> 
> mespaces": [
> 			{
> 				"type": "pid"
> 			},
> 			{
> 				"type": "ipc"
> 			},
> 			{
> 				"type": "uts"
> 			},
> 			{
> 				"type": "mount"
> 			}
> 		]
> 
> 
> > > In my telnet session I now type 'GET /' but I get a TCP reset:
> > > 
> > > 15:35:07.622294 IP dcbz.58608 > rhel0x.http: Flags [S], seq 1885340748, win 29200, options [mss 1460,sackOK,TS val 1499839760 ecr 0,nop,wscale 7], length 0
> > > 15:35:07.622342 IP rhel0x.http > dcbz.58608: Flags [S.], seq 1948584834, ack 1885340749, win 28960, options [mss 1460,sackOK,TS val 1521845 ecr 1499839760,nop,wscale 7], length 0
> > > 15:35:07.622409 IP dcbz.58608 > rhel0x.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 1499839760 ecr 1521845], length 0
> > > 15:35:32.268394 IP dcbz.58608 > rhel0x.http: Flags [P.], seq 1:3, ack 1, win 229, options [nop,nop,TS val 1499864406 ecr 1521845], length 2
> > > 15:35:32.268433 IP rhel0x.http > dcbz.58608: Flags [R], seq 1948584835, win 0, length 0
> > > 
> > > https://lisas.de/~adrian/dump.log
> > 
> > (00.008968) Dumping inet socket at 3
> > (00.008972) 	Dumping: ino 0x   16f26 family    2 type    1 port        0 state  7 src_addr 0.0.0.0
> > (00.008974) 	Dumped: family 2 type 1 proto 6 port 0 state 7 src_addr 0.0.0.0
> > (00.008977) fdinfo: type: 0x 4 flags: 02000002/01 pos: 0x       0 fd: 3
> > (00.008991) 10989 fdinfo 4: pos: 0x               0 flags:          2000002/0x1
> > (00.008994) 	Searching for socket 16f27 (family 10.6)
> > (00.009001) No filter for socket
> > (00.009004) Dumping inet socket at 4
> > (00.009005) 	Dumping: ino 0x   16f27 family   10 type    1 port       80 state 10 src_addr ::
> > (00.009007) 	Dumped: family 10 type 1 proto 6 port 80 state 10 src_addr ::
> > 
> > I found only two tcp sockets and one has the TCP_LISTEN (10) state
> > and another one has the TCP_CLOSED(7) state. I exepect to find
> > a socket with the TCP_ESTABLISHED state in the log.
> 
> Yes, it is interesting that it cannot be seen in the log file.
> 
> I had a closer look at netstat before and during the dump and I see that my
> test method is flawed. Running 'telnet rhel0x 80' puts the TCP connection in
> SYN_SENT and only after hitting enter for the first time it is established.
> 
> Having an actual established connection gives me following error during restore:
> 
> (00.135695)      7: Error (criu/sk-inet.c:638): Connected TCP socket in image

        if (tcp_connection(ie)) {
                if (!opts.tcp_established_ok) {
                        pr_err("Connected TCP socket in image\n");
                        goto err;
                }

--tcp-established was not set for "criu restore"


> ...
> (00.145836) Error (criu/cr-restore.c:1127): 16908 killed by signal 9: Killed
> 
> https://lisas.de/~adrian/dump.log
> https://lisas.de/~adrian/restore.log
> 
> I am using runc --tcp-established option for dump and restore.
> 
> 		Adrian

More information about the CRIU mailing list