[CRIU] [PATCH 2/3] net: set the IP_CT_TCP_FLAG_BE_LIBERAL flag for conntracks
Pavel Emelyanov
xemul at virtuozzo.com
Mon Feb 8 00:51:24 PST 2016
On 02/04/2016 10:36 PM, Andrey Vagin wrote:
> From: Andrew Vagin <avagin at virtuozzo.com>
>
> Currently the kernel doesn't report sequence numbers for contracks
> and tries to restore them from first packets.
> When we are restoring a tcp connection, we send a window probe and
> set seq - 1 in it to get ack immediatly.
>
> /* Use a previous sequence. This should cause the other
> * end to send an ack. Don't queue or clone SKB, just
> * send it.
> */
> tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK);
>
> But conntrack doesn't like this, because then we get ack, which is greater than seq.
> It looks like we try to ack data which we haven't received yet.
>
> [ 735.528073] td_maxwin == 0
> seq=1081132048 ack=2965916432+(0) sack=2965916432+(0) win=342 end=1081132048
> tcp_in_window: sender end=0 maxend=0 maxwin=0 scale=0 receiver end=0 maxend=0 maxwin=0 scale=0
> [ 735.533409] log_invalid:
> seq=2965916431 ack=1081132049+(0) sack=1081132049+(0) win=342 end=2965916431
> tcp_in_window: sender end=2965916431 maxend=2965916773 maxwin=342 scale=0 receiver end=1081132048 maxend=1081132390 maxwin=342 scale=0
> [ 735.537651] nf_ct_tcp: ACK is over the upper bound (ACKed data not seen yet)
>
> The kernel sets IP_CT_TCP_FLAG_BE_LIBERAL for new conntracks,
> if we are in the middle of a connection.
>
> Signed-off-by: Andrew Vagin <avagin at virtuozzo.com>
> ---
> Makefile | 6 +++---
> net.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 56 insertions(+), 3 deletions(-)
>
> diff --git a/Makefile b/Makefile
> index 8a0a230..284f67f 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -141,12 +141,12 @@ ifneq ($(PIEGEN),no)
> endif
> endif
>
> -cflags-y += -iquote include -iquote pie -iquote .
> +cflags-y += -iquote include -iquote pie -iquote . -I/usr/include/libnl3
Plz, fix the wiki Installation page about new library.
More information about the CRIU
mailing list