[CRIU] [PATCH] netfilter: add -n to iptables and ip6tables calls
Saied Kazemi
saied at google.com
Thu Mar 17 10:11:30 PDT 2016
As I won't have time to work on this any time soon, can we apply the patch
that I sent adding "-n" to "ip[6]tables" commands for now? It doesn't
break anything and saves about a minute to do c/r on my one of my machines
with lots of entries.
Thanks,
--Saied
On Mon, Mar 14, 2016 at 3:29 PM, Pavel Emelyanov <xemul at virtuozzo.com>
wrote:
> On 03/14/2016 08:53 PM, Tycho Andersen wrote:
> > On Mon, Mar 14, 2016 at 10:41:03AM -0700, Saied Kazemi wrote:
> >> Any further thoughts on this?
> >
> > Not really, other than that modprobe seems like the best bet. I think
> > the modules needed are "ip6table_filter" and "iptable_filter".
>
> Maybe we can scan though /proc/modules before doing fork + exec? Presumably
> modprobe does the same, so we save one fork and exec in the common case.
>
> -- Pavel
>
> > Tycho
> >
> >> --Saied
> >>
> >>
> >> On Fri, Mar 11, 2016 at 4:19 PM, Tycho Andersen <
> >> tycho.andersen at canonical.com> wrote:
> >>
> >>> On Fri, Mar 11, 2016 at 04:11:50PM -0800, Saied Kazemi wrote:
> >>>> Good question. A machine that I was testing on had a few hundred
> entries
> >>>> which made it look like criu was hung. With the -n it's obviously a
> LOT
> >>>> faster but it'd be best to use a command that would load the modules
> much
> >>>> more quickly. This is not an area that I've had much experience.
> >>>
> >>> I guess we could modprobe. I think we dropped the modprobe from the
> >>> _diag modules because there was an easy netlink way to get the modules
> >>> to load which didn't cost us an exec. since we're doing an exec here
> >>> anyway to run the iptables binaries, modprobe might be simpler.
> >>>
> >>> The other option is to figure out some netlink way to specify an
> >>> invalid rule. I'm not sure what that would look like off the top of my
> >>> head, though :)
> >>>
> >>> Tycho
> >>>
> > .
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/criu/attachments/20160317/faefd7d1/attachment.html>
More information about the CRIU
mailing list