Files · 61b8fc264f55e15dea90350834a50d551d33bffa · zhul / criu

net: block all traffic in internal network (v4) · 61b8fc26

Andrew Vagin authored Nov 19, 2015

Let's imagine that we have two local interconnected sockets.
Whe we are restoring tcp sockets, we need to disable the repair mode
to restore data in sending queues.

If traffic isn't blocked, a socket starts operating, but
in this time another end can be not restored yet.

$ test/zdtm.sh -r ns/static/socket-tcpbuf-local
...
(00.274632) 5: Error (sk-tcp.c:485): Can't restore 2 queue data (-1), want (1780919:1780919): Connection reset by peer

We create a separate chain to avoid conflicts with other rules.

https://bugs.openvz.org/browse/CRIU-96

v2: use iptables-restore to apply whole configuration for one call
v3: add a comment why we use iptables-restore instread of iptables.
v4: remove unused headers
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

61b8fc26

Name	Last commit	Last update
Documentation		Loading commit data...
arch		Loading commit data...
contrib		Loading commit data...
include		Loading commit data...
lib		Loading commit data...
pie		Loading commit data...
protobuf		Loading commit data...
pycriu		Loading commit data...
scripts		Loading commit data...
test		Loading commit data...
.gitignore		Loading commit data...
.mailmap		Loading commit data...
.travis.yml		Loading commit data...
COPYING		Loading commit data...
CREDITS		Loading commit data...
Dockerfile		Loading commit data...
Makefile		Loading commit data...
Makefile.config		Loading commit data...
Makefile.crtools		Loading commit data...
Makefile.inc		Loading commit data...
README.md		Loading commit data...
action-scripts.c		Loading commit data...
aio.c		Loading commit data...
bfd.c		Loading commit data...
bitmap.c		Loading commit data...
cgroup.c		Loading commit data...
cr-check.c		Loading commit data...
cr-dedup.c		Loading commit data...
cr-dump.c		Loading commit data...
cr-errno.c		Loading commit data...
cr-exec.c		Loading commit data...
cr-restore.c		Loading commit data...
cr-service.c		Loading commit data...
cr-show.c		Loading commit data...
crit		Loading commit data...
crtools		Loading commit data...
crtools.c		Loading commit data...
eventfd.c		Loading commit data...
eventpoll.c		Loading commit data...
fault-injection.c		Loading commit data...
fifo.c		Loading commit data...
file-ids.c		Loading commit data...
file-lock.c		Loading commit data...
files-ext.c		Loading commit data...
files-reg.c		Loading commit data...
files.c		Loading commit data...
fsnotify.c		Loading commit data...
image-desc.c		Loading commit data...
image.c		Loading commit data...
ipc_ns.c		Loading commit data...
irmap.c		Loading commit data...
kcmp-ids.c		Loading commit data...
kerndat.c		Loading commit data...
libnetlink.c		Loading commit data...
log.c		Loading commit data...
lsm.c		Loading commit data...
mem.c		Loading commit data...
mount.c		Loading commit data...
namespaces.c		Loading commit data...
net.c		Loading commit data...
netfilter.c		Loading commit data...
page-pipe.c		Loading commit data...
page-read.c		Loading commit data...
page-xfer.c		Loading commit data...
pagemap-cache.c		Loading commit data...
parasite-syscall.c		Loading commit data...
pipes.c		Loading commit data...
plugin.c		Loading commit data...
proc_parse.c		Loading commit data...
protobuf-desc.c		Loading commit data...
protobuf.c		Loading commit data...
pstree.c		Loading commit data...
ptrace.c		Loading commit data...
rbtree.c		Loading commit data...
rst-malloc.c		Loading commit data...
sd-daemon.c		Loading commit data...
sd-daemon.h		Loading commit data...
seccomp.c		Loading commit data...
security.c		Loading commit data...
seize.c		Loading commit data...
shmem.c		Loading commit data...
sigframe.c		Loading commit data...
signalfd.c		Loading commit data...
sk-inet.c		Loading commit data...
sk-netlink.c		Loading commit data...
sk-packet.c		Loading commit data...
sk-queue.c		Loading commit data...
sk-tcp.c		Loading commit data...
sk-unix.c		Loading commit data...
sockets.c		Loading commit data...
stats.c		Loading commit data...
string.c		Loading commit data...
sysctl.c		Loading commit data...
sysfs_parse.c		Loading commit data...
timerfd.c		Loading commit data...
tty.c		Loading commit data...
tun.c		Loading commit data...
util.c		Loading commit data...
uts_ns.c		Loading commit data...
vdso.c		Loading commit data...

README.md