From f09d7f0b593f96d5f89d9883d6fd300781b28771 Mon Sep 17 00:00:00 2001
From: Keir Fraser <keir.fraser@citrix.com>
Date: Thu, 28 May 2009 11:07:19 +0100
Subject: [PATCH] Serialize iptables calls in hotplug scripts

iptables cannot correctly handle situations when more than one command
is trying to set netfilter rules. In such situations, iptables may fail
with EAGAIN, which results in iptables: Unknown error
18446744073709551615.

Such situation can easily happen when multiple network devices are
configured for a domain as vif hotplug scripts are called in parallel
for all of the network devices.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 tools/hotplug/Linux/vif-common.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/hotplug/Linux/vif-common.sh b/tools/hotplug/Linux/vif-common.sh
index 5c1e9c3ea5..fe483f9dc9 100644
--- a/tools/hotplug/Linux/vif-common.sh
+++ b/tools/hotplug/Linux/vif-common.sh
@@ -103,6 +103,8 @@ handle_iptable()
     return
   fi
 
+  claim_lock "iptables"
+
   if [ "$ip" != "" ]
   then
       local addr
@@ -117,6 +119,8 @@ handle_iptable()
       # No IP addresses have been specified, so allow anything.
       frob_iptable
   fi
+
+  release_lock "iptables"
 }
 
 
-- 
2.30.2