[Xen-devel] [PATCH 1/5] hotplug/linux: Use the '-w' wait flag when calling iptables

[Sylvain Munaut <s.munaut@xxxxxxxxxxxxxxxxxxxx>]

Without this, several hotplug script instances might attempt to run at
the same rime and one will fail because it can't get the xtables lock !

The 'frob_iptables' is protected by a lock, but not the availability
check and this is also needed in case other things on the servers are
using the xtable lock.

Signed-off-by: Sylvain Munaut <s.munaut@xxxxxxxxxxxxxxxxxxxx>
---
 tools/hotplug/Linux/vif-common.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/hotplug/Linux/vif-common.sh 
b/tools/hotplug/Linux/vif-common.sh
index 6e8d584..33e5408 100644
--- a/tools/hotplug/Linux/vif-common.sh
+++ b/tools/hotplug/Linux/vif-common.sh
@@ -129,9 +129,9 @@ frob_iptable()
     local c="-D"
   fi
 
-  iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-in "$dev" \
+  iptables "$c" FORWARD -w -m physdev --physdev-is-bridged --physdev-in "$dev" 
\
     "$@" -j ACCEPT 2>/dev/null &&
-  iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-out "$dev" \
+  iptables "$c" FORWARD -w -m physdev --physdev-is-bridged --physdev-out 
"$dev" \
     -j ACCEPT 2>/dev/null
 
   if [ \( "$command" == "online" -o "$command" == "add" \) -a $? -ne 0 ]
@@ -154,7 +154,7 @@ handle_iptable()
   # binary is not sufficient, because the user may not have the appropriate
   # modules installed.  If iptables is not working, then there's no need to do
   # anything with it, so we can just return.
-  if ! iptables -L -n >&/dev/null
+  if ! iptables -L -w -n >&/dev/null
   then
     return
   fi
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel