<div dir="ltr">Good question. A machine that I was testing on had a few hundred entries which made it look like criu was hung. With the -n it's obviously a LOT faster but it'd be best to use a command that would load the modules much more quickly. This is not an area that I've had much experience.<div><br></div><div>--Saied</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 11, 2016 at 4:05 PM, Tycho Andersen <span dir="ltr"><<a href="mailto:tycho.andersen@canonical.com" target="_blank">tycho.andersen@canonical.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Fri, Mar 11, 2016 at 04:02:00PM -0800, Saied Kazemi wrote:<br>
> To preload netfilter modules, criu runs "iptables -L" and "ip6tables -L"<br>
> before starting to dump or restore a process tree.<br>
><br>
> On systems with many entries, the above commands without the -n option<br>
> take a long time because of lengthy DNS lookups.<br>
<br>
</span>Is there some command we can run that would take less time all<br>
together? Like trying to load an invalid rule or something?<br>
<div class="HOEnZb"><div class="h5"><br>
> Signed-off-by: Saied Kazemi <<a href="mailto:saied@google.com">saied@google.com</a>><br>
> ---<br>
> criu/netfilter.c | 4 ++--<br>
> 1 file changed, 2 insertions(+), 2 deletions(-)<br>
><br>
> diff --git a/criu/netfilter.c b/criu/netfilter.c<br>
> index 865a12f..312b4aa 100644<br>
> --- a/criu/netfilter.c<br>
> +++ b/criu/netfilter.c<br>
> @@ -39,9 +39,9 @@ void preload_netfilter_modules(void)<br>
> pr_perror("failed to open /dev/null, using log fd for net module preload");<br>
> }<br>
> cr_system(fd, fd, fd, iptable_cmd_ipv4,<br>
> - (char *[]) { iptable_cmd_ipv4, "-L", NULL}, 0);<br>
> + (char *[]) { iptable_cmd_ipv4, "-L", "-n", NULL}, 0);<br>
> cr_system(fd, fd, fd, iptable_cmd_ipv6,<br>
> - (char *[]) { iptable_cmd_ipv6, "-L", NULL}, 0);<br>
> + (char *[]) { iptable_cmd_ipv6, "-L", "-n", NULL}, 0);<br>
> close_safe(&fd);<br>
> }<br>
><br>
> --<br>
> 2.7.0.rc3.207.g0ac5344<br>
><br>
</div></div></blockquote></div><br></div>