[v2] net: Execute ip[6]tables-{save, restore} with -w option

Submitted by Kirill Tkhai on Sept. 22, 2017, 5:13 p.m.

Details

Message ID 150610037809.12382.4122678007390643553.stgit@localhost.localdomain
State Rejected
Series "net: Execute ip[6]tables-{save, restore} with -w option"
Headers show

Commit Message

Kirill Tkhai Sept. 22, 2017, 5:13 p.m.
Like for plain ip[6]tables in nf_connection_switch_raw(),
call ip[6]-tables{save,restore} with -w option to wait
for xtables lock.

v2: Pass NULL instead of ""

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 criu/net.c |   12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

Patch hide | download patch | download mbox

diff --git a/criu/net.c b/criu/net.c
index 68296c8a5..c8020f8fb 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -1727,14 +1727,18 @@  static int run_ip_tool(char *arg1, char *arg2, char *arg3, char *arg4, int fdin,
 
 static int run_iptables_tool(char *def_cmd, int fdin, int fdout)
 {
+	char *argv[] = { "sh", "-c",
+			 def_cmd,
+			 kdat.has_xtlocks ? "-w" : NULL,
+			 NULL };
 	int ret;
 	char *cmd;
 
 	cmd = getenv("CR_IPTABLES");
-	if (!cmd)
-		cmd = def_cmd;
-	pr_debug("\tRunning %s for %s\n", cmd, def_cmd);
-	ret = cr_system(fdin, fdout, -1, "sh", (char *[]) { "sh", "-c", cmd, NULL }, 0);
+	if (cmd)
+		argv[2] = cmd;
+	pr_debug("\tRunning %s for %s\n", argv[2], def_cmd);
+	ret = cr_system(fdin, fdout, -1, "sh", argv, 0);
 	if (ret)
 		pr_err("%s failed\n", def_cmd);
 

Comments

Andrey Vagin Sept. 22, 2017, 9:58 p.m.
On Fri, Sep 22, 2017 at 08:13:20PM +0300, Kirill Tkhai wrote:
> Like for plain ip[6]tables in nf_connection_switch_raw(),
> call ip[6]-tables{save,restore} with -w option to wait
> for xtables lock.
> 
> v2: Pass NULL instead of ""
> 
> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
> ---
>  criu/net.c |   12 ++++++++----
>  1 file changed, 8 insertions(+), 4 deletions(-)
> 
> diff --git a/criu/net.c b/criu/net.c
> index 68296c8a5..c8020f8fb 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -1727,14 +1727,18 @@ static int run_ip_tool(char *arg1, char *arg2, char *arg3, char *arg4, int fdin,
>  
>  static int run_iptables_tool(char *def_cmd, int fdin, int fdout)
>  {
> +	char *argv[] = { "sh", "-c",
> +			 def_cmd,
> +			 kdat.has_xtlocks ? "-w" : NULL,

This option will not have any effect

[avagin@laptop criu]$ sh -c 'echo  --' -w
--
[avagin@laptop criu]$ echo -- -w
-- -w


> +			 NULL };
>  	int ret;
>  	char *cmd;
>  
>  	cmd = getenv("CR_IPTABLES");
> -	if (!cmd)
> -		cmd = def_cmd;
> -	pr_debug("\tRunning %s for %s\n", cmd, def_cmd);
> -	ret = cr_system(fdin, fdout, -1, "sh", (char *[]) { "sh", "-c", cmd, NULL }, 0);
> +	if (cmd)
> +		argv[2] = cmd;
> +	pr_debug("\tRunning %s for %s\n", argv[2], def_cmd);
> +	ret = cr_system(fdin, fdout, -1, "sh", argv, 0);
>  	if (ret)
>  		pr_err("%s failed\n", def_cmd);
>  
>