571
edits
Changes
Jump to navigation
Jump to search
mLine 199:
Line 199: − + + + + + + + + + + + + + + + + + + + + + +
no edit summary
'''Links:'''
'''Links:'''
* [[CRIT (Go library)]]
* [[CRIT (Go library)]]
* https://github.com/snprajwal/gsoc-2022
* [https://github.com/snprajwal/gsoc-2022 Final Report]
=== Use eBPF to lock and unlock the network ===
'''Summary:''' Use eBPF instead of external iptables-restore tool for network lock and unlock.
During checkpointing and restoring CRIU locks the network to make sure no network packets are accepted by the network stack during the time the process is checkpointed. Currently CRIU calls out to iptables-restore to create and delete the corresponding iptables rules. Another approach which avoids calling out to the external binary iptables-restore would be to directly inject eBPF rules. There have been reports from users that iptables-restore fails in some way and eBPF could avoid this external dependency.
'''Links:'''
* https://www.criu.org/TCP_connection#Checkpoint_and_restore_TCP_connection
* https://github.com/systemd/systemd/blob/master/src/core/bpf-firewall.c
* https://blog.zeyady.com/2021-08-16/gsoc-criu
'''Details:'''
* Contributor: [https://github.com/ZeyadYasser Zeyad Yasser]
* [https://github.com/checkpoint-restore/criu/pull/1539 CRIU Pull Request]
* Skill level: intermediate
* Language: C
* Expected size: 350 hours
* Mentors: Radostin Stoyanov <rstoyanov@fedoraproject.org>, Prajwal S N <prajwalnadig21@gmail.com>
* Suggested by: Adrian Reber <areber@redhat.com>
=== Support sparse ghosts ===
=== Support sparse ghosts ===