net: Call ip[6]tables-restore with -w parameter

Submitted by Kirill Tkhai on Sept. 26, 2017, 5:49 p.m.

Details

Message ID 150644815715.7685.17204988660960322318.stgit@localhost.localdomain
State Accepted
Series "net: Call ip[6]tables-restore with -w parameter"
Commit 24e1ce01b021290f2d55ba586b7b89fcb1f5908c
Headers show

Commit Message

Kirill Tkhai Sept. 26, 2017, 5:49 p.m.
New ip[6]tables-restore utils has this parameter,
which allows to wait for xtables lock, if it's
occupied. When they don't wait, then the restore
of iptables fails.

Old versions just ignore this parameter
with error in stderr, but it does not make them
fail. So, pass it unconditionally.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 criu/net.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Patch hide | download patch | download mbox

diff --git a/criu/net.c b/criu/net.c
index 68296c8a5..cb8f9dfd3 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -1973,7 +1973,7 @@  static inline int restore_iptables(int pid)
 
 	img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
 	if (img) {
-		ret = run_iptables_tool("iptables-restore", img_raw_fd(img), -1);
+		ret = run_iptables_tool("iptables-restore -w", img_raw_fd(img), -1);
 		close_image(img);
 	}
 	if (ret)
@@ -1985,7 +1985,7 @@  static inline int restore_iptables(int pid)
 	if (empty_image(img))
 		goto out;
 
-	ret = run_iptables_tool("ip6tables-restore", img_raw_fd(img), -1);
+	ret = run_iptables_tool("ip6tables-restore -w", img_raw_fd(img), -1);
 out:
 	close_image(img);
 

Comments

Pavel Tikhomirov Sept. 28, 2017, 8:45 a.m.
There are two more places where we have iptables-restore.

see [CRIU] [PATCH] kdat: if iptables-restore has xtable lock support do
wait on lock


Best Regards, Tikhomirov Pavel.

2017-09-26 20:49 GMT+03:00 Kirill Tkhai <ktkhai@virtuozzo.com>:

> New ip[6]tables-restore utils has this parameter,
> which allows to wait for xtables lock, if it's
> occupied. When they don't wait, then the restore
> of iptables fails.
>
> Old versions just ignore this parameter
> with error in stderr, but it does not make them
> fail. So, pass it unconditionally.
>
> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
> ---
>  criu/net.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/criu/net.c b/criu/net.c
> index 68296c8a5..cb8f9dfd3 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -1973,7 +1973,7 @@ static inline int restore_iptables(int pid)
>
>         img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
>         if (img) {
> -               ret = run_iptables_tool("iptables-restore",
> img_raw_fd(img), -1);
> +               ret = run_iptables_tool("iptables-restore -w",
> img_raw_fd(img), -1);
>                 close_image(img);
>         }
>         if (ret)
> @@ -1985,7 +1985,7 @@ static inline int restore_iptables(int pid)
>         if (empty_image(img))
>                 goto out;
>
> -       ret = run_iptables_tool("ip6tables-restore", img_raw_fd(img), -1);
> +       ret = run_iptables_tool("ip6tables-restore -w", img_raw_fd(img),
> -1);
>  out:
>         close_image(img);
>
>
> _______________________________________________
> CRIU mailing list
> CRIU@openvz.org
> https://lists.openvz.org/mailman/listinfo/criu
>
Andrey Vagin Sept. 30, 2017, 12:25 a.m.
Applied, thanks!
On Tue, Sep 26, 2017 at 08:49:27PM +0300, Kirill Tkhai wrote:
> New ip[6]tables-restore utils has this parameter,
> which allows to wait for xtables lock, if it's
> occupied. When they don't wait, then the restore
> of iptables fails.
> 
> Old versions just ignore this parameter
> with error in stderr, but it does not make them
> fail. So, pass it unconditionally.
> 
> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
> ---
>  criu/net.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/criu/net.c b/criu/net.c
> index 68296c8a5..cb8f9dfd3 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -1973,7 +1973,7 @@ static inline int restore_iptables(int pid)
>  
>  	img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
>  	if (img) {
> -		ret = run_iptables_tool("iptables-restore", img_raw_fd(img), -1);
> +		ret = run_iptables_tool("iptables-restore -w", img_raw_fd(img), -1);
>  		close_image(img);
>  	}
>  	if (ret)
> @@ -1985,7 +1985,7 @@ static inline int restore_iptables(int pid)
>  	if (empty_image(img))
>  		goto out;
>  
> -	ret = run_iptables_tool("ip6tables-restore", img_raw_fd(img), -1);
> +	ret = run_iptables_tool("ip6tables-restore -w", img_raw_fd(img), -1);
>  out:
>  	close_image(img);
>  
>