Serialize iptables calls in hotplug scripts

iptables cannot correctly handle situations when more than one command
is trying to set netfilter rules. In such situations, iptables may fail
with EAGAIN, which results in iptables: Unknown error
18446744073709551615.

Such situation can easily happen when multiple network devices are
configured for a domain as vif hotplug scripts are called in parallel
for all of the network devices.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

diff --git a/tools/hotplug/Linux/vif-common.sh b/tools/hotplug/Linux/vif-common.sh
index 5c1e9c3ea58fc26ef4747eb8a1c7813a511bd5a9..fe483f9dc93bfbb8cf140dc52ff5481c2b239566 100644 (file)
--- a/tools/hotplug/Linux/vif-common.sh
+++ b/tools/hotplug/Linux/vif-common.sh
@@ -103,6 +103,8 @@ handle_iptable()
     return
   fi
 
+  claim_lock "iptables"
+
   if [ "$ip" != "" ]
   then
       local addr
@@ -117,6 +119,8 @@ handle_iptable()
       # No IP addresses have been specified, so allow anything.
       frob_iptable
   fi
+
+  release_lock "iptables"
 }