Re: [libvirt] [PATCH] Re-add use of locking with iptables/ip6tables/ebtables

On Tue, Nov 11, 2014 at 12:42:46PM +0000, Daniel P. Berrange wrote:
A previous commit introduced use of locking with invocation
of iptables in the viriptables.c module

 commit ba95426d6f39aec1da6e069dd7222f7a8c6a5862
 Author: Serge Hallyn <serge hallyn ubuntu com>
 Date:   Fri Nov 1 12:36:59 2013 -0500

   util: use -w flag when calling iptables

This only ever had effect with the virtual network driver,
as it was not wired up into the nwfilter driver. Unfortunately
in the firewall refactoring the use of the -w flag was
accidentally lost.

This patch introduces it to the virfirewall.c module so that
both the virtual network and nwfilter drivers will be using
it. It also ensures that the equivalent --concurrent flag
to ebtables is used.
src/util/virfirewall.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++---
src/util/viriptables.c |  2 --
2 files changed, 63 insertions(+), 6 deletions(-)



