mirror of
https://github.com/checkpoint-restore/criu
synced 2025-08-31 06:15:24 +00:00
Between dump and restore of a tcp conn we have to keep the connection blocked, since the socket doesn't exist in the kernel at this time and any packet from peer will result in RST. Thus, add the -j DROP rule for every connection we're about to repair.

Later, when we support containers, this will be extended to stop the whole networking in a CT instead of cherry-picking connections.

It does system("iptables ...") for this, but I'd prefer using the libnetfilter-devel sometime in the future.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
11 lines
255 B
C
#ifndef __CR_NETFILTER_H__
#define __CR_NETFILTER_H__

struct inet_sk_desc;
/* Block (lock) or unblock a TCP connection for the window between dump and restore. */
int nf_lock_connection(struct inet_sk_desc *);
int nf_unlock_connection(struct inet_sk_desc *);

struct inet_sk_info;
/* Unblock variant that takes a struct inet_sk_info. */
int nf_unlock_connection_info(struct inet_sk_info *);

#endif
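An added sketch, not CRIU's code, of the per-connection rule the commit message describes: it formats the `iptables ... -j DROP` command for one TCP 4-tuple and re-prints each address from its parsed form before it can reach a `system()`-style command line. `struct conn_tuple`, `canon_ipv4` and `nf_rule` are hypothetical names; IPv4-only handling and covering both the INPUT and OUTPUT chains are assumptions of the example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 4-tuple; CRIU's struct inet_sk_desc is not shown on the page. */
struct conn_tuple {
	const char *laddr; uint16_t lport; /* local end of the dumped socket */
	const char *raddr; uint16_t rport; /* remote peer */
};

/* Accept only text that parses as IPv4 and re-print it from the parsed form,
 * so no caller-supplied string reaches the command line. */
static int canon_ipv4(const char *in, char out[INET_ADDRSTRLEN])
{
	struct in_addr a;
	if (!in || inet_pton(AF_INET, in, &a) != 1)
		return -1;
	return inet_ntop(AF_INET, &a, out, INET_ADDRSTRLEN) ? 0 : -1;
}

/* Format one rule: op 'A' appends it (lock), 'D' deletes it (unlock).
 * inbound selects INPUT (peer -> local); otherwise OUTPUT (local -> peer).
 * Covering both chains is this example's choice. Returns 0, or -1 on error. */
int nf_rule(char *buf, size_t len, char op, int inbound, const struct conn_tuple *c)
{
	char l[INET_ADDRSTRLEN], r[INET_ADDRSTRLEN];
	int n;

	if ((op != 'A' && op != 'D') || !c || !c->lport || !c->rport)
		return -1;
	if (canon_ipv4(c->laddr, l) || canon_ipv4(c->raddr, r))
		return -1;
	n = snprintf(buf, len, "iptables -t filter -%c %s -p tcp -s %s --sport %d"
		     " -d %s --dport %d -j DROP", op, inbound ? "INPUT" : "OUTPUT",
		     inbound ? r : l, inbound ? c->rport : c->lport,
		     inbound ? l : r, inbound ? c->lport : c->rport);
	return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
	struct conn_tuple c = { "10.0.0.5", 8080, "192.0.2.7", 51234 }; /* constructed */
	char buf[160];

	for (int in = 1; in >= 0; in--)
		if (nf_rule(buf, sizeof(buf), 'A', in, &c) == 0)
			puts(buf); /* prints the rule only; nothing is executed */
	return 0;
}
```

Calling `nf_rule` with `'D'` and the same tuple yields the matching delete command, so the unlock path removes exactly the rule the lock path added.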