mirror of https://github.com/checkpoint-restore/criu synced 2025-08-22 18:07:57 +00:00

11 Commits

Author SHA1 Message Date
Andrey Vagin
1009c8bb50 iptables: use cr_system instead of system
We are going to detect parasite crashes. For that we are going to check
all unwaited processes in the SIGCHLD handler.

cr_system blocks SIGCHLD and unblocks it after waiting for the target process.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-10-02 20:09:37 +04:00
Pavel Emelyanov
c59ba80335 nf: Use bool types for lock/unlock switch
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-09-18 00:00:26 +04:00
Andrey Vagin
522fa17071 iptables: use OUTPUT table to block locally-generated packet
We were going to block connections in both directions (v0.6-97-g0a1b70b),
but both iptables rules are added in the INPUT table. It's wrong, because
the rule must be added to the OUTPUT table to block locally-generated packets.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-09-17 23:55:08 +04:00
Andrew Vagin
0a1b70bb23 tcp: block connections in both directions
The packet can be retransmitted after dumping the TCP connection. The first
reason is that the connection is blocked for only one direction. The second
reason is that TCP timers continue to work during dumping and they can send
packets. tcp_timestamp is saved for each TCP connection and then it's
restored. So if a packet is sent after dumping, its timestamp is
saved by the other side and this timestamp is sent back in the next packet
as the tsecr parameter. If this packet is received after restoring, it
looks like a packet from the future.

https://bugzilla.openvz.org/show_bug.cgi?id=2676

Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-08-06 14:21:12 +04:00
Libo Chen
37b586f055 Don't use \Newline in pr_perror
Signed-off-by: Libo Chen <libo.chen@huawei.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-05-16 17:05:45 +04:00
Alexander Kartashov
6f61488f21 x86: moved x86-specific files into the directory arch/x86.
* The following files go into the directory arch/x86/include/asm unmodified:
  - include/atomic.h,
  - include/linkage.h,
  - include/memcpy_64.h,
  - include/types.h,
  - include/bitops.h,
  - pie/parasite-head-x86-64.S,
  - include/processor-flags.h,
  - include/syscall-x86-64.def.

* Changed include directives in the source files that include the headers
  listed above.

* Modified build scripts to reflect the source moves.

Signed-off-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-01-09 17:02:47 +04:00
Andrey Vagin
312d1c86f3 netfilter: add ability to block ipv6 connections
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2012-11-23 16:36:22 +04:00
Cyrill Gorcunov
65570d9559 sockets, inet: Use inet_sk_entry as a reference in inet_sk_info
For PB transition.

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2012-07-16 07:03:59 +04:00
Cyrill Gorcunov
582954685b Escape using unsafe sprintf helper
Until it's very critical for speed we should
not use the unsafe sprintf helper; we're a root-granted
program and must be as safe as possible.

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2012-06-20 15:04:51 +04:00
Stanislav Kinsbursky
41195598cf parasite: remove excessive header deps from parasite.h and friends
The task is not complete - this is just a part of what has to be done. I.e.,
it looks like a lot of excessive deps can be fixed.

Signed-off-by: Stanislav Kinsbursky <skinsbursky@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2012-05-30 12:50:18 +04:00
Pavel Emelyanov
64c64e4f2c net: Add code for locking a tcp connection with netfilter
Between dump and restore of a tcp conn we have to keep the connection
blocked, since the socket doesn't exist in the kernel at this time
and any packet from the peer will result in RST. Thus, add the -j DROP rule
for every connection we're about to repair.

Later, when we support containers, this will be extended to stop the
whole networking in a CT instead of cherry-picking connections.

It does system("iptables ...") for this, but I'd prefer using the
libnetfilter-devel sometime in the future.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2012-04-28 17:59:21 +04:00
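The commits above describe one mechanism in pieces: a -j DROP rule per connection (64c64e4f2c), mirrored into OUTPUT so locally-generated retransmits and timer-driven segments cannot leak a stale timestamp (0a1b70bb23, 522fa17071), ip6tables for IPv6 peers (312d1c86f3), bounded string building instead of sprintf in a root-privileged program (582954685b), and a system() replacement that keeps SIGCHLD blocked until the child is reaped so a reap-everything handler cannot steal its status (1009c8bb50). The program below is an added example written for this page, not CRIU's netfilter.c: the struct, the function names, the rule layout and the iptables -w flag are assumptions, and the sample connection is constructed. A dry-run mode prints the rules instead of executing them, which is the sensible first run for anything that will later be executed as root.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* One TCP connection as seen from the dumped side (hypothetical struct). */
struct tcp_conn {
	const char *laddr;	/* local address */
	unsigned lport;
	const char *paddr;	/* peer address */
	unsigned pport;
};

/*
 * Build one DROP rule.  lock selects -I (insert) or -D (delete); output
 * selects the chain: INPUT matches peer->local, OUTPUT matches the
 * locally-generated packets (retransmits, timer-driven segments).
 * Bounded snprintf only; returns -1 if the rule would not fit in buf.
 */
int nf_conn_rule(char *buf, size_t len, const struct tcp_conn *c,
		 int lock, int output)
{
	const char *tool = strchr(c->laddr, ':') ? "ip6tables" : "iptables";
	const char *src = output ? c->laddr : c->paddr;
	const char *dst = output ? c->paddr : c->laddr;
	unsigned sport = output ? c->lport : c->pport;
	unsigned dport = output ? c->pport : c->lport;
	int n;

	n = snprintf(buf, len, "%s -w -t filter %s %s -p tcp -s %s --sport %u"
		     " -d %s --dport %u -j DROP",
		     tool, lock ? "-I" : "-D", output ? "OUTPUT" : "INPUT",
		     src, sport, dst, dport);
	if (n < 0 || (size_t)n >= len)
		return -1;
	return n;
}

/*
 * system() replacement.  SIGCHLD stays blocked in the parent from fork()
 * until waitpid() has reaped the child, so a SIGCHLD handler that reaps
 * every unwaited process (the parasite-crash detector) cannot take this
 * child's status.  Returns the command's exit status, or -1 on error.
 */
int cr_system(const char *cmd)
{
	sigset_t mask, oldmask;
	pid_t pid;
	int status, ret = -1;

	sigemptyset(&mask);
	sigaddset(&mask, SIGCHLD);
	if (sigprocmask(SIG_BLOCK, &mask, &oldmask) < 0)
		return -1;

	pid = fork();
	if (pid == 0) {
		/* child: restore the original mask, then run the command */
		sigprocmask(SIG_SETMASK, &oldmask, NULL);
		execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
		_exit(127);
	}
	if (pid > 0) {
		while (waitpid(pid, &status, 0) < 0)
			if (errno != EINTR)
				goto out;
		ret = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
	}
out:
	sigprocmask(SIG_SETMASK, &oldmask, NULL);
	return ret;
}

/*
 * Lock (lock=1) or unlock (lock=0) one connection in both directions.
 * dry_run=1 only prints the rules.  Returns 0 on success, -1 otherwise;
 * a failure on the second rule leaves the first one applied, so the
 * caller must unlock on error rather than assume nothing happened.
 */
int nf_lock_connection(const struct tcp_conn *c, int lock, int dry_run)
{
	char buf[256];
	int output;

	for (output = 0; output < 2; output++) {
		if (nf_conn_rule(buf, sizeof(buf), c, lock, output) < 0)
			return -1;
		if (dry_run)
			puts(buf);
		else if (cr_system(buf) != 0)
			return -1;
	}
	return 0;
}

int main(void)
{
	/* constructed sample: local 10.0.0.1:8080 talking to 10.0.0.2:40000 */
	struct tcp_conn c = { "10.0.0.1", 8080, "10.0.0.2", 40000 };

	nf_lock_connection(&c, 1, 1);	/* lock: the two -I rules */
	nf_lock_connection(&c, 0, 1);	/* unlock: the matching -D rules */
	return 0;
}
```

Run it unprivileged first and compare the printed pair of rules against what you expect to see in `iptables -S INPUT` and `iptables -S OUTPUT`; only then switch dry_run off under root. The -D rule must be textually identical to the -I rule it undoes, which is why both come from the same builder.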