[CRIU] [PATCH v2] net: Execute ip[6]tables-{save, restore} with -w option

[Andrei Vagin]

On Fri, Sep 22, 2017 at 08:13:20PM +0300, Kirill Tkhai wrote:
> Like for plain ip[6]tables in nf_connection_switch_raw(),
> call ip[6]-tables{save,restore} with -w option to wait
> for xtables lock.
> 
> v2: Pass NULL instead of ""
> 
> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
> ---
>  criu/net.c |   12 ++++++++----
>  1 file changed, 8 insertions(+), 4 deletions(-)
> 
> diff --git a/criu/net.c b/criu/net.c
> index 68296c8a5..c8020f8fb 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -1727,14 +1727,18 @@ static int run_ip_tool(char *arg1, char *arg2, char *arg3, char *arg4, int fdin,
>  
>  static int run_iptables_tool(char *def_cmd, int fdin, int fdout)
>  {
> +	char *argv[] = { "sh", "-c",
> +			 def_cmd,
> +			 kdat.has_xtlocks ? "-w" : NULL,

This option will not have any effect

[avagin at laptop criu]$ sh -c 'echo  --' -w
--
[avagin at laptop criu]$ echo -- -w
-- -w


> +			 NULL };
>  	int ret;
>  	char *cmd;
>  
>  	cmd = getenv("CR_IPTABLES");
> -	if (!cmd)
> -		cmd = def_cmd;
> -	pr_debug("\tRunning %s for %s\n", cmd, def_cmd);
> -	ret = cr_system(fdin, fdout, -1, "sh", (char *[]) { "sh", "-c", cmd, NULL }, 0);
> +	if (cmd)
> +		argv[2] = cmd;
> +	pr_debug("\tRunning %s for %s\n", argv[2], def_cmd);
> +	ret = cr_system(fdin, fdout, -1, "sh", argv, 0);
>  	if (ret)
>  		pr_err("%s failed\n", def_cmd);
>  
>