[CRIU] [PATCH] netfilter: add -n to iptables and ip6tables calls
Saied Kazemi
saied at google.com
Mon Mar 14 10:41:03 PDT 2016
Any further thoughts on this?
--Saied
On Fri, Mar 11, 2016 at 4:19 PM, Tycho Andersen <
tycho.andersen at canonical.com> wrote:
> On Fri, Mar 11, 2016 at 04:11:50PM -0800, Saied Kazemi wrote:
> > Good question. A machine that I was testing on had a few hundred entries
> > which made it look like criu was hung. With the -n it's obviously a LOT
> > faster but it'd be best to use a command that would load the modules much
> > more quickly. This is not an area that I've had much experience.
>
> I guess we could modprobe. I think we dropped the modprobe from the
> _diag modules because there was an easy netlink way to get the modules
> to load which didn't cost us an exec. since we're doing an exec here
> anyway to run the iptables binaries, modprobe might be simpler.
>
> The other option is to figure out some netlink way to specify an
> invalid rule. I'm not sure what that would look like off the top of my
> head, though :)
>
> Tycho
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/criu/attachments/20160314/3b372c23/attachment.html>
More information about the CRIU
mailing list