[CRIU] implementing some kind of --leave-frozen option for c/r in CRIU

Andrei Vagin avagin at gmail.com
Wed May 18 11:28:59 PDT 2016


On Wed, May 18, 2016 at 11:12 AM, Tycho Andersen
<tycho.andersen at canonical.com> wrote:
> Hi Andrey,
>
> On Tue, May 17, 2016 at 10:20:42AM -0700, Andrew Vagin wrote:
>> Yesterday I tried to use a separate table in a case when netns isn't
>> dumped:
>> https://github.com/avagin/criu/commit/a3b3ae4e7db40f5b0d4456b27062484c9e27ad8a
>
> Cool, thanks for this!
>
>> Here are two problems:
>> * we need two tables to block input and output traffic
>> * we need to generate unique names for these tables. We can't use fixed
>>   names, because we may want to make checkpoint/restore a few times
>>   simultaneously.
>
> r.e. the unique names, what if we add some parameter --iptables-suffix
> so that the user can specify the suffix if they want. Otherwise, we
> can just randomly generate a string that's say 10 characters long and
> hope that they don't collide?

We need to save this uuid into images, because we need to get it on restore.

>
> In lxc's case, we could just use the container's name as the suffix,
> since we know that those are unique on the host. I assume the same
> thing would be true of openvz.

This problem exists only for cases when netns isn't dumped. Does LXC
allow creating containers without netns?

>
> If that sounds reasonable, I can adopt your patch + the
> --iptables-suffix and my --leave-frozen patch and send the full set.
>
> Tycho
>
>> The profit from this approach is that:
>> * we can unlock network very fast and don't need to enumerate sockets
>>   for that.
>> * It's easy to understand which rules were added by criu and a user
>>   can easily clean them up himself
>>
>> >
>> > Tycho
>> >
>> > > >
>> > > > static const char *nf_conn_cmd = "%s -t filter %s %s --protocol tcp "
>> > > >         "--source %s --sport %d --destination %s --dport %d -j DROP";
>> > > >
>> > > > Tycho
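Added example, not code from this thread or from CRIU: one way to handle the suffix discussed above, validating a user-supplied value or generating a 10-character random one, then deriving a per-direction chain name from it. The `CRIU-IN-`/`CRIU-OUT-` prefixes, the function names and the allowed character set are assumptions; the thread only names `--iptables-suffix` and the need to store the chosen value in the images for restore.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CHAIN_MAX  28 /* iptables rejects chain names of 29 bytes or more */
#define SUFFIX_LEN 10 /* random length suggested in the thread */

/* Accept only [A-Za-z0-9_-] so the suffix is inert inside a command line. */
static int suffix_valid(const char *s)
{
	size_t n = strlen(s);
	if (n == 0 || n > CHAIN_MAX - strlen("CRIU-OUT-")) /* hypothetical prefix */
		return 0;
	for (; *s; s++)
		if (!isalnum((unsigned char)*s) && *s != '_' && *s != '-')
			return 0;
	return 1;
}

/* Fill buf from /dev/urandom; 32 symbols divide 256, so no modulo bias. */
static int random_suffix(char buf[SUFFIX_LEN + 1])
{
	FILE *f = fopen("/dev/urandom", "rb");
	size_t got = f ? fread(buf, 1, SUFFIX_LEN, f) : 0;
	if (f)
		fclose(f);
	if (got != SUFFIX_LEN)
		return -1;
	for (int i = 0; i < SUFFIX_LEN; i++)
		buf[i] = "abcdefghijklmnopqrstuvwxyz234567"[(unsigned char)buf[i] & 31];
	buf[SUFFIX_LEN] = '\0';
	return 0;
}

/* dir is "IN" or "OUT"; writes e.g. "CRIU-IN-web1" to out, 0 on success. */
static int chain_name(char *out, size_t outsz, const char *dir, const char *suffix)
{
	if ((strcmp(dir, "IN") && strcmp(dir, "OUT")) || !suffix_valid(suffix))
		return -1;
	int n = snprintf(out, outsz, "CRIU-%s-%s", dir, suffix);
	return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
	char sfx[SUFFIX_LEN + 1], in[CHAIN_MAX + 1];
	return random_suffix(sfx) || chain_name(in, sizeof(in), "IN", sfx) || puts(in) < 0;
}
```

A 10-character suffix over this 32-symbol alphabet carries 50 bits, and rejecting anything outside the allowed set matters because the value ends up interpolated into an iptables command string like the `nf_conn_cmd` format quoted above.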