[CRIU] [PATCH] netfilter: add -n to iptables and ip6tables calls
Tycho Andersen
tycho.andersen at canonical.com
Fri Mar 11 16:05:15 PST 2016
On Fri, Mar 11, 2016 at 04:02:00PM -0800, Saied Kazemi wrote:
> To preload netfilter modules, criu runs "iptables -L" and "ip6tables -L"
> before starting to dump or restore a process tree.
>
> On systems with many entries, the above commands without the -n option
> take a long time because of lengthy DNS lookups.
Is there some command we can run that would take less time all
together? Like trying to load an invalid rule or something?
> Signed-off-by: Saied Kazemi <saied at google.com>
> ---
> criu/netfilter.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/criu/netfilter.c b/criu/netfilter.c
> index 865a12f..312b4aa 100644
> --- a/criu/netfilter.c
> +++ b/criu/netfilter.c
> @@ -39,9 +39,9 @@ void preload_netfilter_modules(void)
> pr_perror("failed to open /dev/null, using log fd for net module preload");
> }
> cr_system(fd, fd, fd, iptable_cmd_ipv4,
> - (char *[]) { iptable_cmd_ipv4, "-L", NULL}, 0);
> + (char *[]) { iptable_cmd_ipv4, "-L", "-n", NULL}, 0);
> cr_system(fd, fd, fd, iptable_cmd_ipv6,
> - (char *[]) { iptable_cmd_ipv6, "-L", NULL}, 0);
> + (char *[]) { iptable_cmd_ipv6, "-L", "-n", NULL}, 0);
> close_safe(&fd);
> }
>
> --
> 2.7.0.rc3.207.g0ac5344
>
More information about the CRIU
mailing list