[CRIU] [PATCH] netfilter: add -n to iptables and ip6tables calls

Tycho Andersen tycho.andersen at canonical.com
Fri Mar 11 16:19:02 PST 2016


On Fri, Mar 11, 2016 at 04:11:50PM -0800, Saied Kazemi wrote:
> Good question.  A machine that I was testing on had a few hundred entries
> which made it look like criu was hung.  With the -n it's obviously a LOT
> faster but it'd be best to use a command that would load the modules much
> more quickly.  This is not an area in which I've had much experience.

I guess we could modprobe. I think we dropped the modprobe from the
_diag modules because there was an easy netlink way to get the modules
to load which didn't cost us an exec. Since we're doing an exec here
anyway to run the iptables binaries, modprobe might be simpler.

The other option is to figure out some netlink way to specify an
invalid rule. I'm not sure what that would look like off the top of my
head, though :)

Tycho

