[CRIU] [PATCH 0/11 v2] Dump and restore nested network namespaces

Dmitry Safonov 0x7f454c46 at gmail.com
Mon Feb 6 02:03:18 PST 2017


2017-02-02 3:04 GMT+03:00 Andrei Vagin <avagin at openvz.org>:
> From: Andrei Vagin <avagin at virtuozzo.com>
>
> This is an initial support for nested network namespaces.

On top of this patch set I made patches to make it more generic,
and afterward the patch to C/R nested UTS using the generic logic
is "Showing 5 changed files with 18 additions and 9 deletions".
One can find it here: https://github.com/0x7f454c46/criu/commits/sub-ns
My patch set still needs tests and IPC C/R; I'll post it on top of this one
when it makes it into criu-dev :)

FWIW:
Reviewed-by: Dmitry Safonov <dsafonov at virtuozzo.com>

>
> It was implemented to handle systemd services with private networks:
>
> """
> When PrivateNetwork=yes is set in the [Service] section of a systemd service
> unit file, the processes run for the service will run in a private network
> namespace with a private loopback network interface, and no other network
> devices.
> """
>
> How it works:
> * All network devices are restored in the root task.
> * A process sets a required network namespace to restore a socket
> * Processes set their network namespaces after restoring all sockets (files)
>
> Known issues:
> * veth devices between network namespaces are not supported
>
> v2: * fix comments from Pavel
>     * improve the test to check that all processes are not restored
>       in one netns
>     * drop patches with a new ioctl to get netns for unconnected and
>       unbound sockets, because it is not in the upstream kernel.
>
> Andrei Vagin (8):
>   net: save network namespaces for sockets
>   net: bind and listen a parasite socket for each network namespace
>   net: allow to dump and restore more than one network namespace
>   net: set a proper network namespace to create a socket
>   net: rename pid into nsid for prepare_net_ns()
>   files: split collect_fd on allocate_fd and handle_fd
>   files: add a function to reopen fd as an unused fd
>   zdtm: add a test for nested network namespaces
>
>  criu/cr-restore.c               |  40 ++++++--
>  criu/files.c                    |  82 ++++++++++++++--
>  criu/include/files.h            |   3 +
>  criu/include/libnetlink.h       |   5 +-
>  criu/include/namespaces.h       |   4 +-
>  criu/include/net.h              |   6 +-
>  criu/include/parasite.h         |   2 +
>  criu/include/sk-packet.h        |   2 +-
>  criu/include/sockets.h          |  11 ++-
>  criu/libnetlink.c               |  13 +--
>  criu/namespaces.c               |   6 +-
>  criu/net.c                      | 187 +++++++++++++++++++++++++++++++-----
>  criu/parasite-syscall.c         |  22 +----
>  criu/pstree.c                   |   4 +
>  criu/sk-inet.c                  |  21 ++++-
>  criu/sk-netlink.c               |  19 +++-
>  criu/sk-packet.c                |  10 +-
>  criu/sk-unix.c                  |  17 +++-
>  criu/sockets.c                  |  70 ++++++++++----
>  images/packet-sock.proto        |   1 +
>  images/sk-inet.proto            |   1 +
>  images/sk-netlink.proto         |   1 +
>  images/sk-packet.proto          |   1 +
>  images/sk-unix.proto            |   2 +
>  test/zdtm/static/Makefile       |   1 +
>  test/zdtm/static/netns_sub.c    | 203 ++++++++++++++++++++++++++++++++++++++++
>  test/zdtm/static/netns_sub.desc |   1 +
>  27 files changed, 630 insertions(+), 105 deletions(-)
>  create mode 100644 test/zdtm/static/netns_sub.c
>  create mode 100644 test/zdtm/static/netns_sub.desc
>
> --
> 2.7.4

-- 
             Dmitry
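
The restore step quoted above ("A process sets a required network namespace to restore a socket"), as an added example that is not part of this message and is not CRIU's code. The helper names set_netns, same_ns and socket_in_netns are hypothetical, and the sketch assumes Linux with /proc mounted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/sched.h>   /* CLONE_NEWNET */
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: move the calling thread into the netns behind fd. */
static int set_netns(int fd)
{
	return (int)syscall(SYS_setns, fd, CLONE_NEWNET);
}

/* 1 if both fds name the same namespace, 0 if not, -errno on error. */
int same_ns(int fd_a, int fd_b)
{
	struct stat a, b;

	if (fstat(fd_a, &a) < 0 || fstat(fd_b, &b) < 0)
		return -errno;
	return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Create a socket owned by the netns behind ns_fd; returns fd or -errno. */
int socket_in_netns(int ns_fd, int domain, int type, int protocol)
{
	int orig, same, ret;

	orig = open("/proc/self/ns/net", O_RDONLY | O_CLOEXEC);
	if (orig < 0)
		return -errno;
	same = same_ns(ns_fd, orig);	/* also rejects an invalid ns_fd */
	if (same < 0 || (!same && set_netns(ns_fd) < 0)) {
		ret = same < 0 ? same : -errno;
		close(orig);
		return ret;
	}
	ret = socket(domain, type, protocol);
	if (ret < 0)
		ret = -errno;
	/* A socket keeps the netns it was created in, so switch back now.
	 * Failing to return would leave this thread in the wrong netns. */
	if (!same && set_netns(orig) < 0)
		abort();
	close(orig);
	return ret;
}
```

Entering a different network namespace requires CAP_SYS_ADMIN, and setns() changes only the calling thread, so a multithreaded caller must not assume other threads moved with it.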

