net: Call ip[6]tables-restore with -w parameter

New ip[6]tables-restore utils has this parameter, which allows to wait for xtables lock, if it's occupied. When they don't wait, then the restore of iptables fails. Old versions just ignore this parameter with error in stderr, but it does not make them fail. So, pass it unconditionally. Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>

net: Call ip[6]tables-restore with -w parameter
New ip[6]tables-restore utils has this parameter, which allows to wait for xtables lock, if it's occupied. When they don't wait, then the restore of iptables fails. Old versions just ignore this parameter with error in stderr, but it does not make them fail. So, pass it unconditionally. Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
b2707bab · Kirill Tkhai · Andrei Vagin · f9170eff · b2707bab
Commit b2707bab authored Sep 26, 2017 by Kirill Tkhai Committed by Andrei Vagin Oct 17, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

net.c criu/net.c +2 -2

No files found.
--- a/criu/net.c
+++ b/criu/net.c
@@ -1548,7 +1548,7 @@ static inline int restore_iptables(int pid)
 		goto ipt6;
 	}

-	ret = run_iptables_tool("iptables-restore", img_raw_fd(img), -1);
+	ret = run_iptables_tool("iptables-restore -w", img_raw_fd(img), -1);
 	close_image(img);
 	if (ret)
 		return ret;
@@ -1559,7 +1559,7 @@ ipt6:
 	if (empty_image(img))
 		goto out;

-	ret = run_iptables_tool("ip6tables-restore", img_raw_fd(img), -1);
+	ret = run_iptables_tool("ip6tables-restore -w", img_raw_fd(img), -1);
 out:
 	close_image(img);