CLI/opt/--network-lock

From CRIU
Jump to: navigation, search

Set the method to be used for network locking/unlocking. Locking is done to ensure that tcp packets are dropped between dump and restore. This is done to avoid the kernel sending RST when a packet arrives destined for the dumped process.

Currently two methods are available:

iptables
Use iptables rules to drop the packets. This is the default if 'method' is not specified.
nftables
Use nftables rules to drop the packets.

For more information: TCP connection#Checkpoint and restore TCP connection