The passt-repair helper is now merged, but alas it contains several small bugs: * close() is not in the seccomp profile, meaning it will immediately SIGSYS when you make a request of it * The generated header, seccomp_repair.h isn't listed in .gitignore or removed by "make clean" Fixes: 8c24301462c3 ("Introduce passt-repair") Signed-off-by: David Gibson --- .gitignore | 1 + Makefile | 2 +- passt-repair.c | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 5824a71e..3c16adc7 100644 --- a/.gitignore +++ b/.gitignore @@ -7,5 +7,6 @@ /qrap /pasta.1 /seccomp.h +/seccomp_repair.h /c*.json README.plain.md diff --git a/Makefile b/Makefile index fde66701..d4e10967 100644 --- a/Makefile +++ b/Makefile @@ -117,7 +117,7 @@ valgrind: all .PHONY: clean clean: - $(RM) $(BIN) *~ *.o seccomp.h pasta.1 \ + $(RM) $(BIN) *~ *.o seccomp.h seccomp_repair.h pasta.1 \ passt.tar passt.tar.gz *.deb *.rpm \ passt.pid README.plain.md diff --git a/passt-repair.c b/passt-repair.c index 767a8211..dd8578f5 100644 --- a/passt-repair.c +++ b/passt-repair.c @@ -46,7 +46,7 @@ * * Return: 0 on success (EOF), 1 on error, 2 on usage error * - * #syscalls:repair connect setsockopt write exit_group + * #syscalls:repair connect setsockopt write close exit_group * #syscalls:repair socket s390x:socketcall i686:socketcall * #syscalls:repair recvfrom recvmsg arm:recv ppc64le:recv * #syscalls:repair sendto sendmsg arm:send ppc64le:send -- 2.48.1

This should help debugging problems with migration. [This is a candidate to be folded into the earlier patch] Signed-off-by: David Gibson --- tcp.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/tcp.c b/tcp.c index 3760e67a..7ce0f4cb 100644 --- a/tcp.c +++ b/tcp.c @@ -1011,10 +1011,17 @@ int tcp_flow_repair_connect(struct ctx *c, struct tcp_tap_conn *conn) { struct flowside *tgt = &conn->f.side[TGTSIDE]; struct tcp_repair_opt opts[2]; + int rc; - tcp_flow_repair_seq(c, conn, true); + rc = tcp_flow_repair_seq(c, conn, true); + if (rc) + return rc; - flowside_connect(c, conn->sock, PIF_HOST, tgt); + rc = flowside_connect(c, conn->sock, PIF_HOST, tgt); + if (rc) { + err("Failed to connect repaired socket: %s", strerror_(errno)); + return rc; + } /* FIXME: Fetch those with TCP_REPAIR_OPTIONS and store in migration * data. These hardcoded values just happen to be good enough. -- 2.48.1