From c49d9283f0f209612f09d3997bc4b8e9af2cec0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Tue, 21 Apr 2015 04:41:57 +0200
Subject: [PATCH] network: wait for iptables lock instead of aborting

vif-route-qubes can be called simultaneously, for example in case of:
 - multiple domains startup
 - HVM startup (two interfaces: one to the target domain, second one to
   stubdom)
If that happens, one of calls can fail because of iptables lock.
---
 network/vif-route-qubes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/network/vif-route-qubes b/network/vif-route-qubes
index c0ab41e..57cd33e 100755
--- a/network/vif-route-qubes
+++ b/network/vif-route-qubes
@@ -53,7 +53,7 @@ if [ "${ip}" ] ; then
 	for addr in ${ip} ; do
 		${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} metric $metric
 	done
-	${cmdprefix} iptables -t raw $iptables_cmd -i ${vif} \! -s ${ip} -j DROP
+	${cmdprefix} iptables -w -t raw $iptables_cmd -i ${vif} \! -s ${ip} -j DROP
 	back_ip=`qubesdb-read /qubes-netvm-gateway`
 	${cmdprefix} ip addr ${ipcmd} ${back_ip}/32 dev ${vif}
 fi