Files · afde3659e38c8579d6109cdfba064ff3339941b6 · zhul / criu

net: set the IP_CT_TCP_FLAG_BE_LIBERAL flag for conntracks · afde3659

Andrew Vagin authored Feb 04, 2016

Currently the kernel doesn't report sequence numbers for contracks
and tries to restore them from first packets.
When we are restoring a tcp connection, we send a window probe and
set seq - 1 in it to get ack immediatly.

        /* Use a previous sequence.  This should cause the other
         * end to send an ack.  Don't queue or clone SKB, just
         * send it.
         */
        tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK);

But conntrack doesn't like this, because then we get ack, which is greater than seq.
It looks like we try to ack data which we haven't received yet.

[  735.528073] td_maxwin == 0
               seq=1081132048 ack=2965916432+(0) sack=2965916432+(0) win=342 end=1081132048
               tcp_in_window: sender end=0 maxend=0 maxwin=0 scale=0 receiver end=0 maxend=0 maxwin=0 scale=0
[  735.533409] log_invalid:
               seq=2965916431 ack=1081132049+(0) sack=1081132049+(0) win=342 end=2965916431
               tcp_in_window: sender end=2965916431 maxend=2965916773 maxwin=342 scale=0 receiver end=1081132048 maxend=1081132390 maxwin=342 scale=0
[  735.537651] nf_ct_tcp: ACK is over the upper bound (ACKed data not seen yet)

The kernel sets IP_CT_TCP_FLAG_BE_LIBERAL for new conntracks,
if we are in the middle of a connection.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>

afde3659

Name	Last commit	Last update
Documentation		Loading commit data...
arch		Loading commit data...
contrib		Loading commit data...
include		Loading commit data...
lib		Loading commit data...
pie		Loading commit data...
protobuf		Loading commit data...
pycriu		Loading commit data...
scripts		Loading commit data...
test		Loading commit data...
.gitignore		Loading commit data...
.mailmap		Loading commit data...
.travis.yml		Loading commit data...
COPYING		Loading commit data...
CREDITS		Loading commit data...
Dockerfile		Loading commit data...
Makefile		Loading commit data...
Makefile.config		Loading commit data...
Makefile.crtools		Loading commit data...
Makefile.inc		Loading commit data...
README.md		Loading commit data...
action-scripts.c		Loading commit data...
aio.c		Loading commit data...
bfd.c		Loading commit data...
bitmap.c		Loading commit data...
cgroup.c		Loading commit data...
cr-check.c		Loading commit data...
cr-dedup.c		Loading commit data...
cr-dump.c		Loading commit data...
cr-errno.c		Loading commit data...
cr-exec.c		Loading commit data...
cr-restore.c		Loading commit data...
cr-service.c		Loading commit data...
cr-show.c		Loading commit data...
crit		Loading commit data...
crtools		Loading commit data...
crtools.c		Loading commit data...
eventfd.c		Loading commit data...
eventpoll.c		Loading commit data...
fault-injection.c		Loading commit data...
fifo.c		Loading commit data...
file-ids.c		Loading commit data...
file-lock.c		Loading commit data...
files-ext.c		Loading commit data...
files-reg.c		Loading commit data...
files.c		Loading commit data...
fsnotify.c		Loading commit data...
image-desc.c		Loading commit data...
image.c		Loading commit data...
ipc_ns.c		Loading commit data...
irmap.c		Loading commit data...
kcmp-ids.c		Loading commit data...
kerndat.c		Loading commit data...
libnetlink.c		Loading commit data...
log.c		Loading commit data...
lsm.c		Loading commit data...
mem.c		Loading commit data...
mount.c		Loading commit data...
namespaces.c		Loading commit data...
net.c		Loading commit data...
netfilter.c		Loading commit data...
page-pipe.c		Loading commit data...
page-read.c		Loading commit data...
page-xfer.c		Loading commit data...
pagemap-cache.c		Loading commit data...
parasite-syscall.c		Loading commit data...
pipes.c		Loading commit data...
plugin.c		Loading commit data...
proc_parse.c		Loading commit data...
protobuf-desc.c		Loading commit data...
protobuf.c		Loading commit data...
pstree.c		Loading commit data...
ptrace.c		Loading commit data...
rbtree.c		Loading commit data...
rst-malloc.c		Loading commit data...
seccomp.c		Loading commit data...
seize.c		Loading commit data...
shmem.c		Loading commit data...
sigframe.c		Loading commit data...
signalfd.c		Loading commit data...
sk-inet.c		Loading commit data...
sk-netlink.c		Loading commit data...
sk-packet.c		Loading commit data...
sk-queue.c		Loading commit data...
sk-tcp.c		Loading commit data...
sk-unix.c		Loading commit data...
sockets.c		Loading commit data...
stats.c		Loading commit data...
string.c		Loading commit data...
sysctl.c		Loading commit data...
sysfs_parse.c		Loading commit data...
timerfd.c		Loading commit data...
tty.c		Loading commit data...
tun.c		Loading commit data...
util.c		Loading commit data...
uts_ns.c		Loading commit data...
vdso.c		Loading commit data...

README.md