[CRIU] [PATCH] netfilter: add -n to iptables and ip6tables calls

Tycho Andersen tycho.andersen at canonical.com
Fri Mar 11 16:05:15 PST 2016


On Fri, Mar 11, 2016 at 04:02:00PM -0800, Saied Kazemi wrote:
> To preload netfilter modules, criu runs "iptables -L" and "ip6tables -L"
> before starting to dump or restore a process tree.
> 
> On systems with many entries, the above commands without the -n option
> take a long time because of lengthy DNS lookups.

Is there some command we can run that would take less time
altogether? Like trying to load an invalid rule or something?

> Signed-off-by: Saied Kazemi <saied at google.com>
> ---
>  criu/netfilter.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/criu/netfilter.c b/criu/netfilter.c
> index 865a12f..312b4aa 100644
> --- a/criu/netfilter.c
> +++ b/criu/netfilter.c
> @@ -39,9 +39,9 @@ void preload_netfilter_modules(void)
>  		pr_perror("failed to open /dev/null, using log fd for net module preload");
>  	}
>  	cr_system(fd, fd, fd, iptable_cmd_ipv4,
> -		(char *[]) { iptable_cmd_ipv4, "-L", NULL}, 0);
> +		(char *[]) { iptable_cmd_ipv4, "-L", "-n", NULL}, 0);
>  	cr_system(fd, fd, fd, iptable_cmd_ipv6,
> -		(char *[]) { iptable_cmd_ipv6, "-L", NULL}, 0);
> +		(char *[]) { iptable_cmd_ipv6, "-L", "-n", NULL}, 0);
>  	close_safe(&fd);
>  }
>  
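Review bot: the two cr_system() calls in preload_netfilter_modules() now pass "-n" with no comment explaining it, and because the output only goes to fd (/dev/null, or the log fd as fallback) the flag will look arbitrary to a later reader. Suggest a one-line comment above the calls saying the listing is run only to load the netfilter modules and that -n is there to skip the DNS lookups described in the commit message. Also, in the visible lines the return value of both cr_system() calls is not checked, so a failed preload passes silently; logging a warning on a non-zero return would make that visible.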
> -- 
> 2.7.0.rc3.207.g0ac5344
> 

