[Touch-packages] [Bug 1791958] Re: iptables-restore is missing -w option

Andreas Hasenack Tue, 29 Jun 2021 12:41:35 -0700

Thanks for the b3 version!

It restores the bionic implicit lock behavior (as if -w was given), but
when given a specific value, in the end it ignores that it couldn't
acquire the lock and moves on:



In all these tests, I have a lock held.

We have a chain called "andreas". See how -L waits 1 second as I requested, but 
moves on, listing the chain:
root@b1-iptables-restore-wait-lock:~# time iptables -L andreas -w 1
Chain andreas (0 references)
target     prot opt source               destination

real    0m1.005s
user    0m0.004s
sys     0m0.000s

Now I delete the chain. This shouldn't work because another app is holding the 
lock:
root@b1-iptables-restore-wait-lock:~# time iptables -X andreas -w 1

real    0m1.006s
user    0m0.005s
sys     0m0.000s


Was it deleted? Let's list again, and it was:
root@b1-iptables-restore-wait-lock:~# time iptables -L andreas -w 1
iptables: No chain/target/match by that name.

real    0m1.005s
user    0m0.004s
sys     0m0.000s


root@b1-iptables-restore-wait-lock:~# apt-cache policy iptables
iptables:
  Installed: 1.6.1-2ubuntu2+testpkg20210629b3
  Candidate: 1.6.1-2ubuntu2+testpkg20210629b3
  Version table:
 *** 1.6.1-2ubuntu2+testpkg20210629b3 500
        500 http://ppa.launchpad.net/slashd/lp1791958/ubuntu bionic/main amd64 
Packages

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1791958

Title:
  iptables-restore is missing -w option

Status in iptables package in Ubuntu:
  Confirmed

Bug description:
  For CRIU we need to have iptables version 1.6.2 which includes the
  '-w' option in iptables-restore.

  This is a request to update iptables to 1.6.2 in 18.10 and if possible
  backport the necessary changes to 18.04.

  The CRIU project gets right now many bug reports (mostly in the
  combination LXD + CRIU) due to the missing '-w' option in iptables-
  restore. Especially as 18.04 will be around for some time it would be
  good to have iptables-restore available with '-w'.

  This is one example bug report: https://github.com/checkpoint-
  restore/criu/issues/551

  But not only CRIU would benefit from this change. It seems also
  problematic with Kubernetes:
  https://github.com/kubernetes/kubernetes/pull/60978

  So if possible, please update iptables to 1.6.2 (or backport changes)
  to support -w in iptables-restore.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1791958/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1791958] Re: iptables-restore is missing -w option

Reply via email to