[CRIU] [PATCH] net: Call ip[6]tables-restore with -w parameter
Pavel Tikhomirov
snorcht at gmail.com
Thu Sep 28 11:45:07 MSK 2017
There are two more places where we have iptables-restore.
see [CRIU] [PATCH] kdat: if iptables-restore has xtable lock support do
wait on lock
Best Regards, Tikhomirov Pavel.
2017-09-26 20:49 GMT+03:00 Kirill Tkhai <ktkhai at virtuozzo.com>:
> New ip[6]tables-restore utils has this parameter,
> which allows to wait for xtables lock, if it's
> occupied. When they don't wait, then the restore
> of iptables fails.
>
> Old versions just ignore this parameter
> with error in stderr, but it does not make them
> fail. So, pass it unconditionally.
>
> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
> ---
> criu/net.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/criu/net.c b/criu/net.c
> index 68296c8a5..cb8f9dfd3 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -1973,7 +1973,7 @@ static inline int restore_iptables(int pid)
>
> img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
> if (img) {
> - ret = run_iptables_tool("iptables-restore",
> img_raw_fd(img), -1);
> + ret = run_iptables_tool("iptables-restore -w",
> img_raw_fd(img), -1);
> close_image(img);
> }
> if (ret)
> @@ -1985,7 +1985,7 @@ static inline int restore_iptables(int pid)
> if (empty_image(img))
> goto out;
>
> - ret = run_iptables_tool("ip6tables-restore", img_raw_fd(img), -1);
> + ret = run_iptables_tool("ip6tables-restore -w", img_raw_fd(img),
> -1);
> out:
> close_image(img);
>
>
> _______________________________________________
> CRIU mailing list
> CRIU at openvz.org
> https://lists.openvz.org/mailman/listinfo/criu
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/criu/attachments/20170928/1e437caf/attachment.html>
More information about the CRIU
mailing list