Mac-Vlan

Revision as of 21:53, 21 October 2016 by Tycho Andersen (talk | contribs)

CRIU supports checkpointing and restoring network namespaces with macvlan devices. On dump, criu will automatically detect these devices and no extra arguments are needed. On restore, users *must* specify the master device in the host network namespace via --external macvlan[internal]:external, where internal and external are the names of the internal and external devices, respectively.

The restore process for macvlan interfaces is somewhat convoluted, since the actual macvlan interface lives inside the network namespace, but the master device lives outside. CRIU uses IFLA_NET_NS_ID to specify the network namespace that the master link lives in, and uses IFLA_NET_NS_FD to specify the network namespace the slave link should be created in. In the user namespace case, the netlink call is made from usernsd, since the caller needs to have CAP_NET_ADMIN in both network namespaces. In the non-userns case, we setns around to create a netlink socket in CRIU's netns, and then use that socket to actually create the macvlan link.