net: add wait to iptables command to fix race

when run several tests simultaneousely it seem that some iptables commands can intersect and if we do not wait xtables lock criu fails: (00.009263) Running iptables [iptables -t filter -A INPUT --protocol tcp --source 127.0.0.1 --sport 55074 --destination 127.0.0.1 --dport 8880 -j DROP] Another app is currently holding the xtables lock. Perhaps you want to use the -w option? (00.014367) Error (util.c:660): exited, status=4 (00.014416) Error (netfilter.c:88): Iptables configuration failed: Success (00.014432) ---------------------------------------- (00.014461) Error (cr-dump.c:1297): Dump files (pid: 24) failed with -1 https://ci.openvz.org/job/CRIU/job/CRIU-virtuozzo/branch/criu-dev/3/ Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Acked-by: Andrew Vagin <avagin@virtuozzo.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
avagin · Jun 7, 2016 · 85da772 · 85da772
1 parent cf9cd4a
commit 85da772
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/criu/netfilter.c b/criu/netfilter.c
@@ -20,7 +20,7 @@ static char buf[512];
  * ANy brave soul to write it using xtables-devel?
  */
 
-static const char *nf_conn_cmd = "%s -t filter %s %s --protocol tcp "
+static const char *nf_conn_cmd = "%s -w -t filter %s %s --protocol tcp "
 	"--source %s --sport %d --destination %s --dport %d -j DROP";
 
 static char iptable_cmd_ipv4[] = "iptables";