cd-dump: lock connection with iptables rules only in a current netns

For another netns we don't need to lock separate connections, an external chanel can be locked. Signed-off-by: Andrey Vagin <avagin@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

cd-dump: lock connection with iptables rules only in a current netns
For another netns we don't need to lock separate connections, an external chanel can be locked. Signed-off-by: Andrey Vagin <avagin@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
fbea445d · Andrey Vagin · Pavel Emelyanov · 8e90ed8c · fbea445d
Commit fbea445d authored Sep 17, 2012 by Andrey Vagin Committed by Pavel Emelyanov Sep 17, 2012
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

sk-tcp.c sk-tcp.c +3 -0

No files found.
--- a/sk-tcp.c
+++ b/sk-tcp.c
@@ -67,9 +67,11 @@ static int tcp_repair_establised(int fd, struct inet_sk_desc *sk)
 		goto err1;
 	}
+	if (!(opts.namespaces_flags & CLONE_NEWNET)) {
 		ret = nf_lock_connection(sk);
 		if (ret < 0)
 			goto err2;
+	}
 	ret = tcp_repair_on(sk->rfd);
 	if (ret < 0)
@@ -79,6 +81,7 @@ static int tcp_repair_establised(int fd, struct inet_sk_desc *sk)
 	return 0;
 err3:
+	if (!(opts.namespaces_flags & CLONE_NEWNET))
 		nf_unlock_connection(sk);
 err2:
 	close(sk->rfd);