[CRIU] [PATCH] netfilter: add -n to iptables and ip6tables calls

Tycho Andersen tycho.andersen at canonical.com
Mon Mar 14 10:53:40 PDT 2016


On Mon, Mar 14, 2016 at 10:41:03AM -0700, Saied Kazemi wrote:
> Any further thoughts on this?

Not really, other than that modprobe seems like the best bet. I think
the modules needed are "ip6table_filter" and "iptable_filter".

Tycho

> --Saied
> 
> 
> On Fri, Mar 11, 2016 at 4:19 PM, Tycho Andersen <
> tycho.andersen at canonical.com> wrote:
> 
> > On Fri, Mar 11, 2016 at 04:11:50PM -0800, Saied Kazemi wrote:
> > > Good question.  A machine that I was testing on had a few hundred entries
> > > which made it look like criu was hung.  With the -n it's obviously a LOT
> > > faster but it'd be best to use a command that would load the modules much
> > > more quickly.  This is not an area in which I've had much experience.
> >
> > I guess we could modprobe. I think we dropped the modprobe from the
> > _diag modules because there was an easy netlink way to get the modules
> > to load which didn't cost us an exec. Since we're doing an exec here
> > anyway to run the iptables binaries, modprobe might be simpler.
> >
> > The other option is to figure out some netlink way to specify an
> > invalid rule. I'm not sure what that would look like off the top of my
> > head, though :)
> >
> > Tycho
> >

