[CRIU] [PATCH] net: add wait to iptables command to fix race
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Tue May 31 05:24:50 PDT 2016
when run several tests simultaneousely it seem that some iptables
commands can intersect and if we do not wait xtables lock criu fails:
(00.009263) Running iptables [iptables -t filter -A INPUT --protocol tcp --source 127.0.0.1 --sport 55074 --destination 127.0.0.1 --dport 8880 -j DROP]
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
(00.014367) Error (util.c:660): exited, status=4
(00.014416) Error (netfilter.c:88): Iptables configuration failed: Success
(00.014432) ----------------------------------------
(00.014461) Error (cr-dump.c:1297): Dump files (pid: 24) failed with -1
https://ci.openvz.org/job/CRIU/job/CRIU-virtuozzo/branch/criu-dev/3/
https://jira.sw.ru/browse/PSBM-46774
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
criu/netfilter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/criu/netfilter.c b/criu/netfilter.c
index 312b4aa..2c3acd6 100644
--- a/criu/netfilter.c
+++ b/criu/netfilter.c
@@ -20,7 +20,7 @@ static char buf[512];
* ANy brave soul to write it using xtables-devel?
*/
-static const char *nf_conn_cmd = "%s -t filter %s %s --protocol tcp "
+static const char *nf_conn_cmd = "%s -w -t filter %s %s --protocol tcp "
"--source %s --sport %d --destination %s --dport %d -j DROP";
static char iptable_cmd_ipv4[] = "iptables";
--
1.8.3.1
More information about the CRIU
mailing list