Difference between revisions of "CLI/opt/--network-lock"

From CRIU
Jump to navigation Jump to search
(use definition list; fix a link)
 
(One intermediate revision by one other user not shown)
Line 2: Line 2:
  
 
Currently two methods are available:
 
Currently two methods are available:
: - <b>iptables</b>: Use iptables rules to drop the packets. This is the default if 'method' is not specified.
+
;<b>iptables</b>
: - <b>nftables</b>: Use nftables rules to drop the packets.
+
: Use iptables rules to drop the packets. This is the default if 'method' is not specified.
 +
;<b>nftables</b>
 +
: Use nftables rules to drop the packets.
 +
 
 +
For more information: [[TCP connection#Checkpoint and restore TCP connection]]
  
[[TCP connection]]
 
 
[[Category:CLI]]
 
[[Category:CLI]]

Latest revision as of 15:36, 8 August 2021

Set the method to be used for network locking/unlocking. Locking is done to ensure that tcp packets are dropped between dump and restore. This is done to avoid the kernel sending RST when a packet arrives destined for the dumped process.

Currently two methods are available:

iptables
Use iptables rules to drop the packets. This is the default if 'method' is not specified.
nftables
Use nftables rules to drop the packets.

For more information: TCP connection#Checkpoint and restore TCP connection