[CRIU] Use eBPF to lock and unlock the network
Adrian Reber
adrian at lisas.de
Sun Jun 30 00:28:32 MSK 2019
On Fri, Jun 28, 2019 at 03:57:28PM +0530, Pradeepkumar Gayam wrote:
> Hello,
>
> My name Pradeep. I'm a student and open source enthusiast. I got introduced
> to CRIU during an academic project and I found it really interesting. I was
> looking for ways to contribute to CRIU and I found GSoC projects. The
> project aimed at replacing iptables with eBPF[0] seems to have right amount
> of complexity for my liking and I would like to work on this project.
>
> I've played around with the tool, I went through documentation little bit
> and I understand how CRIU works in a broad sense. I've started browsing the
> source to understand the flow of execution. I'm listing my observations
> below. I'd appreciate any pointer to help me improve my understanding.
>
> 1. cr_dump_tasks()[1] is the higher level function that is called when we
> do 'criu dump`
> 2. This function in turn calls network_lock()[2]
> 3. network_lock() function then calls iptables_restore()[3] which executes
> the necessary iptables command
>
> So, for this project I probably need to replace the call to
> iptables_restore() function in network_lock_internal().
>
> Is my understanding correct? I'd appreciate any sort help!
Yes this sounds correct. The idea of that proposal was to replace
calling the external tool 'iptables' with some eBPF code during locking
and unlocking of the network. We have seen some reports where older
versions of iptables resulted in error messages. If CRIU could directly
control the locking and unlocking without an external tool we expect to
have less troubles.
You are welcome to work on it, but this would be outside of GSoC.
Projects and students have been selected already some time ago.
Adrian
More information about the CRIU
mailing list