[CRIU] Use eBPF to lock and unlock the network

Pradeepkumar Gayam in3xes at gmail.com
Mon Jul 1 05:34:31 MSK 2019 

Hi Adrian,

Thanks for you response.

On Sun, Jun 30, 2019 at 2:58 AM Adrian Reber <adrian at lisas.de> wrote:

> On Fri, Jun 28, 2019 at 03:57:28PM +0530, Pradeepkumar Gayam wrote:
> > Hello,
> >
> > My name Pradeep. I'm a student and open source enthusiast. I got
> introduced
> > to CRIU during an academic project and I found it really interesting. I
> was
> > looking for ways to contribute to CRIU and I found GSoC projects. The
> > project aimed at replacing iptables with eBPF[0] seems to have right
> amount
> > of complexity for my liking and I would like to work on this project.
> >
> > I've played around with the tool, I went through documentation little bit
> > and I understand how CRIU works in a broad sense. I've started browsing
> the
> > source to understand the flow of execution. I'm listing my observations
> > below. I'd appreciate any pointer to help me improve my understanding.
> >
> > 1. cr_dump_tasks()[1] is the higher level function that is called when we
> > do 'criu dump`
> > 2. This function in turn calls network_lock()[2]
> > 3. network_lock() function then calls iptables_restore()[3] which
> executes
> > the necessary iptables command
> >
> > So, for this project I probably need to replace the call to
> > iptables_restore() function in network_lock_internal().
> >
> > Is my understanding correct? I'd appreciate any sort help!
>
> Yes this sounds correct. The idea of that proposal was to replace
> calling the external tool 'iptables' with some eBPF code during locking
> and unlocking of the network. We have seen some reports where older
> versions of iptables resulted in error messages. If CRIU could directly
> control the locking and unlocking without an external tool we expect to
> have less troubles.
>
I'm studying eBPF right now. Hoping to make some progress in the coming
weeks.

>
> You are welcome to work on it, but this would be outside of GSoC.
> Projects and students have been selected already some time ago.
>
I understand that GSoC projects have already been selected and the deadline
has passed. I'm doing this out of curiosity.

>
>                 Adrian
>


-- 
Pradeep
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/criu/attachments/20190701/2f970a9c/attachment.html>

More information about the CRIU mailing list