mir/criu
2
0
Fork 0
mirror of https://github.com/checkpoint-restore/criu synced 2025-08-30 05:48:05 +00:00
Code Issues Releases Wiki Activity

net: add criu iptables rules at the head of the chain

Browse Source 
CRIU uses iptables rules to block tcp connections and
if rules are added at the tail of the chain, other rules
can accept packets which have to be blocked.

travis-ci: success for series starting with [01/21] build: install libnet-dev
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This commit is contained in:
Andrei Vagin 2016-12-01 11:32:22 +03:00 committed by Pavel Emelyanov
parent 3ead6f0c6e
commit 70cdf43a90
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
criu/netfilter.c
View File

@ -74,7 +74,7 @@ static int nf_connection_switch_raw(int family, u32 *src_addr, u16 src_port,
snprintf(buf, sizeof(buf), NF_CONN_CMD, cmd,
kdat.has_xtlocks ? "-w" : "",
lock ? "-A" : "-D",
lock ? "-I" : "-D",
input ? "INPUT" : "OUTPUT",
dip, (int)dst_port, sip, (int)src_port);