net: Execute ip[6]tables-{save, restore} with -w option

Submitted by Kirill Tkhai on Sept. 22, 2017, 9:31 a.m.

Details

Message ID 150607270059.17548.8254107642026714914.stgit@localhost.localdomain
State New
Series "net: Execute ip[6]tables-{save, restore} with -w option"
Headers show

Commit Message

Kirill Tkhai Sept. 22, 2017, 9:31 a.m.
Like for plain ip[6]tables in nf_connection_switch_raw(),
call ip[6]-tables{save,restore} with -w option to wait
for xtables lock.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 criu/net.c |   12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

Patch hide | download patch | download mbox

diff --git a/criu/net.c b/criu/net.c
index 68296c8a5..1644f1595 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -1727,14 +1727,18 @@  static int run_ip_tool(char *arg1, char *arg2, char *arg3, char *arg4, int fdin,
 
 static int run_iptables_tool(char *def_cmd, int fdin, int fdout)
 {
+	char *argv[] = { "sh", "-c",
+			 def_cmd,
+			 kdat.has_xtlocks ? "-w" : "",
+			 NULL };
 	int ret;
 	char *cmd;
 
 	cmd = getenv("CR_IPTABLES");
-	if (!cmd)
-		cmd = def_cmd;
-	pr_debug("\tRunning %s for %s\n", cmd, def_cmd);
-	ret = cr_system(fdin, fdout, -1, "sh", (char *[]) { "sh", "-c", cmd, NULL }, 0);
+	if (cmd)
+		argv[2] = cmd;
+	pr_debug("\tRunning %s for %s\n", argv[2], def_cmd);
+	ret = cr_system(fdin, fdout, -1, "sh", argv, 0);
 	if (ret)
 		pr_err("%s failed\n", def_cmd);