[CRIU] Use eBPF to lock and unlock the network

Pradeepkumar Gayam in3xes at gmail.com
Fri Jun 28 13:27:28 MSK 2019


Hello,

My name Pradeep. I'm a student and open source enthusiast. I got introduced
to CRIU during an academic project and I found it really interesting. I was
looking for ways to contribute to CRIU and I found GSoC projects. The
project aimed at replacing iptables with eBPF[0] seems to have right amount
of complexity for my liking and I would like to work on this project.

I've played around with the tool, I went through documentation little bit
and I understand how CRIU works in a broad sense. I've started browsing the
source to understand the flow of execution. I'm listing my observations
below. I'd appreciate any pointer to help me improve my understanding.

1. cr_dump_tasks()[1] is the higher level function that is called when we
do 'criu dump`
2. This function in turn calls network_lock()[2]
3. network_lock() function then calls iptables_restore()[3] which executes
the necessary iptables command

So, for this project I probably need to replace the call to
iptables_restore() function in network_lock_internal().

Is my understanding correct? I'd appreciate any sort help!


[0]
https://www.criu.org/Google_Summer_of_Code_Ideas#Use_eBPF_to_lock_and_unlock_the_network
[1]
https://github.com/checkpoint-restore/criu/blob/criu-dev/criu/cr-dump.c#L1761
[2]
https://github.com/checkpoint-restore/criu/blob/criu-dev/criu/net.c#L2677
[3]
https://github.com/checkpoint-restore/criu/blob/criu-dev/criu/net.c#L2597


Thanks
-- 
Pradeep
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/criu/attachments/20190628/cbba7907/attachment.html>


More information about the CRIU mailing list