George,
Patch works as expected, no failures on create and no stale iptables
rules after running under the same load that was producing the errors
previously.
Ubuntu 16.04
Linux 3.13.0-83-generic
iptables v1.6.0
Xen 4.6 5 from distro packages
Thanks!
-Tony
On Wed, May 17, 2017 at 7:44 AM, George Dunlap <george.dun...@citrix.com> wrote:
> On Wed, May 17, 2017 at 1:46 PM, George Dunlap <george.dun...@citrix.com>
> wrote:
>> On 17/05/17 13:43, Ian Jackson wrote:
>>> George Dunlap writes ("Re: [Xen-devel] [Xen-users] vif-bridge errors when
>>> creating and destroying dozens of VMs simultaneously"):
>>>> So we have three options:
>>> ...
>>>> 3. Try to check to see if the version of iptables we have supports -w,
>>>> and use it if available. This should also work on all systems, but
>>>> introduces a bit of complication. It also doesn't allow us to
>>>> reliably use a timeout.
>>>
>>> I think this is best. Eventually we can get rid of the check for -w.
>>>
>>> I think a timeout in this context is not very helpful.
>>>
>>> Also, a loop, on a busy system, might need to have many attempts,
>>> because it will be polling.
>>
>> FWIW the iptables internal mechanism will try to grab the lock, and if
>> it fails (and -w is set), will call sleep(1) before trying again. My
>> bash loop would do exactly the same thing.
>>
>> But I agree that if timeouts are not important, doing it via iptables is
>> probably cleaner. Let me work up a patch.
>
> Antony,
>
> Attached is a patch to add the -w option if it's available. I've
> smoke-tested that it works under normal conditions; but my simplistic
> attempts to get the bug to trigger have failed. Can you give it a try
> and see if it works?
>
> Thanks,
> -George
--
Antony Saba, aws...@gmail.com
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
