From: Keir Fraser <keir.fraser@citrix.com>
Date: Thu, 28 May 2009 10:07:19 +0000 (+0100)
Subject: Serialize iptables calls in hotplug scripts
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~13854
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=f09d7f0b593f96d5f89d9883d6fd300781b28771;p=xen.git

Serialize iptables calls in hotplug scripts

iptables cannot correctly handle situations when more than one command
is trying to set netfilter rules. In such situations, iptables may fail
with EAGAIN, which results in iptables: Unknown error
18446744073709551615.

Such situation can easily happen when multiple network devices are
configured for a domain as vif hotplug scripts are called in parallel
for all of the network devices.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---

diff --git a/tools/hotplug/Linux/vif-common.sh b/tools/hotplug/Linux/vif-common.sh
index 5c1e9c3ea5..fe483f9dc9 100644
--- a/tools/hotplug/Linux/vif-common.sh
+++ b/tools/hotplug/Linux/vif-common.sh
@@ -103,6 +103,8 @@ handle_iptable()
     return
   fi
 
+  claim_lock "iptables"
+
   if [ "$ip" != "" ]
   then
       local addr
@@ -117,6 +119,8 @@ handle_iptable()
       # No IP addresses have been specified, so allow anything.
       frob_iptable
   fi
+
+  release_lock "iptables"
 }