Mirrors/criu
1
0
Fork 0
mirror of https://github.com/checkpoint-restore/criu.git synced 2026-01-23 02:14:37 +00:00
Code Issues Projects Releases Wiki Activity

net: set the IP_CT_TCP_FLAG_BE_LIBERAL flag for conntracks

Browse source 
Currently the kernel doesn't report sequence numbers for contracks
and tries to restore them from first packets.
When we are restoring a tcp connection, we send a window probe and
set seq - 1 in it to get ack immediatly.

        /* Use a previous sequence.  This should cause the other
         * end to send an ack.  Don't queue or clone SKB, just
         * send it.
         */
        tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK);

But conntrack doesn't like this, because then we get ack, which is greater than seq.
It looks like we try to ack data which we haven't received yet.

[  735.528073] td_maxwin == 0
               seq=1081132048 ack=2965916432+(0) sack=2965916432+(0) win=342 end=1081132048
               tcp_in_window: sender end=0 maxend=0 maxwin=0 scale=0 receiver end=0 maxend=0 maxwin=0 scale=0
[  735.533409] log_invalid:
               seq=2965916431 ack=1081132049+(0) sack=1081132049+(0) win=342 end=2965916431
               tcp_in_window: sender end=2965916431 maxend=2965916773 maxwin=342 scale=0 receiver end=1081132048 maxend=1081132390 maxwin=342 scale=0
[  735.537651] nf_ct_tcp: ACK is over the upper bound (ACKed data not seen yet)

The kernel sets IP_CT_TCP_FLAG_BE_LIBERAL for new conntracks,
if we are in the middle of a connection.

Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This commit is contained in:
Andrew Vagin 2016-02-04 22:36:15 +03:00 committed by Pavel Emelyanov
parent 0dcfcc0ea5
commit afde3659e3
2 changed files with 56 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Makefile
View file

@ -141,12 +141,12 @@ ifneq ($(PIEGEN),no)
endif
endif
cflags-y += -iquote include -iquote pie -iquote .
cflags-y += -iquote include -iquote pie -iquote . -I/usr/include/libnl3
cflags-y += -iquote $(ARCH_DIR) -iquote $(ARCH_DIR)/include
cflags-y += -fno-strict-aliasing
export cflags-y
LIBS := -lrt -lpthread -lprotobuf-c -ldl
LIBS := -lrt -lpthread -lprotobuf-c -ldl -lnl-3
DEFINES += -D_FILE_OFFSET_BITS=64
DEFINES += -D_GNU_SOURCE
@ -161,7 +161,7 @@ ifeq ($(DEBUG),1)
DEFINES += -DCR_DEBUG
CFLAGS += -O0 -ggdb3
else
CFLAGS += -O2
CFLAGS += -O2 -g
endif
ifeq ($(GMON),1)