1,067
edits
Changes
Jump to navigation
Jump to search
Line 5:
Line 5: − + − + Line 56:
Line 56: − + Line 62:
Line 62: − + Line 68:
Line 68: + + + + + + + + Line 78:
Line 86: +
use template:opt
The <code>TCP_REPAIR</code> socket option was added to the kernel 3.5 to help with C/R for TCP sockets.
The <code>TCP_REPAIR</code> socket option was added to the kernel 3.5 to help with C/R for TCP sockets.
When this option is used, a socket is switched into a special mode, in which any action performed on it
When this option is used, the socket is switched into a special mode, in which any action performed on it
does not result in anything defined by an appropriate protocol actions, but rather directly puts the socket
does not result in anything defined by an appropriate protocol actions, but rather directly puts the socket
into a state, in which the socket is expected to be at the end of the successfully finished operation.
into the state that the socket is expected to be in at the end of a successfully finished operation.
For example, calling <code>connect()</code> on a repaired socket just changes its state to <code>ESTABLISHED</code>,
For example, calling <code>connect()</code> on a repaired socket just changes its state to <code>ESTABLISHED</code>,
netfilter rule is configured that drops all the packets from peer to a socket we're dealing with. This rule sits
netfilter rule is configured that drops all the packets from peer to a socket we're dealing with. This rule sits
in the host netfilter tables after the criu dump command finishes and it should be there when you issue the
in the host netfilter tables after the criu dump command finishes and it should be there when you issue the
criu restore one.
criu restore one. The locking method can be specified using the {{opt|--network-lock}} option.
Another thing to note is -- on restore there should be available the IP address, that was used by the connection.
Another thing to note is -- on restore there should be available the IP address, that was used by the connection.
IP address should be copied too.
IP address should be copied too.
That said, the command line option <code>--tcp-established</code> should be used when calling criu to explicitly state, that the
That said, the command line option {{opt|--tcp-established}} should be used when calling criu to explicitly state, that the
caller is aware of this "transitional" state of the netfilter.
caller is aware of this "transitional" state of the netfilter.
per-connection iptables rules the "network-lock"/"network-unlock" [[action scripts]] are called so that the user
per-connection iptables rules the "network-lock"/"network-unlock" [[action scripts]] are called so that the user
could isolate the whole netns from network. Typically this is done by downing the respective veth pair end.
could isolate the whole netns from network. Typically this is done by downing the respective veth pair end.
== States ==
=== TCP_SYN_SENT ===
There is only one difference with TCP_ESTABLISHED, we have to restore a socket and disable the repair mode before calling <code>connect()</code>. The kernel will send a one syn-sent packet with the same initial sequence number and sets the TCP_SYN_SENT state for the socket.
=== Half-closed sockets ===
A socket is half-closed when it sent or received a fin packet. These sockets are in one for these states: TCP_FIN_WAIT1, TCP_FIN_WAIT2, TCP_CLOSING, TCP_LAST_ACL, TCP_CLOSE_WAIT. To restore these states, we restore a socket into the TCP_ESTABLISHED state and then we call shutfown(SHUT_WR), if a socket has sent a fin packet and we send a fake fin packet, if a socket has received it before. For example, if we want to restore the TCP_FIN_WAIT1 state, we have to call shutfown(SHUT_WR) and we can send a fake ack to the fin packet to restore the TCP_FIN_WAIT2 state.
== See also ==
== See also ==
* [[Simple TCP pair]]
* [[Simple TCP pair]]
* [[TCP repair TODO]]
* [[TCP repair TODO]]
* [[CLI/opt/--tcp-close|Dropping the connection]]
== External links ==
== External links ==
[[Category:Under the hood]]
[[Category:Under the hood]]
[[Category:Sockets]]
[[Category:Sockets]]
[[Category: Editor help needed]]