ebtables: Use --concurrent to avoid race conditions.

On GenXOS we've for some time used this to avoid running
into issues with reloading scripts at the same time.

Adding the same functionality to feeds/iopsys.

dslmngr/files/broadcom/lib/dsl/broadcom.sh

@@ -211,8 +211,8 @@ create_ptm_devices() {
 
 prioritize_arp()
 {
-      ebtables -t nat -D POSTROUTING -j mark --mark-or 0x7 -p ARP >/dev/null
-      ebtables -t nat -A POSTROUTING -j mark --mark-or 0x7 -p ARP >/dev/null
+      ebtables --concurrent -t nat -D POSTROUTING -j mark --mark-or 0x7 -p ARP >/dev/null
+      ebtables --concurrent -t nat -A POSTROUTING -j mark --mark-or 0x7 -p ARP >/dev/null
 }
 
 xtm_remove_devices() {

easy-qos/files/etc/init.d/easy_qos.ebtables

@@ -48,10 +48,10 @@ validate_rule_section()
 
 # Clear existing rules before applying new rules
 clear_existing_rules() {
-	local rule=$(ebtables -t broute -L BROUTING|grep -m 1 mark)
+	local rule=$(ebtables --concurrent -t broute -L BROUTING|grep -m 1 mark)
 	while [ -n "${rule}" ]; do
-		exec_log ebtables -t broute -D BROUTING ${rule}
-		rule=$(ebtables -t broute -L BROUTING|grep -m 1 mark)
+		exec_log ebtables --concurrent -t broute -D BROUTING ${rule}
+		rule=$(ebtables --concurrent -t broute -L BROUTING|grep -m 1 mark)
 	done
 }
 
@@ -86,7 +86,7 @@ create_rule() {
 	cmd="-p ip $cmd"
 
 	cmd="-s ${mac} $cmd"
-	exec_log ebtables -t broute -A BROUTING ${cmd}
+	exec_log ebtables --concurrent -t broute -A BROUTING ${cmd}
 }
 
 manage_rule() {

qosmngr/files/common/lib/qos/ebtables.sh

@@ -126,9 +126,9 @@ broute_filter_on_vid() {
 broute_append_rule() {
     #when ethertype is not configured by user then both proto rules of ipv4
     #and ipv6 to be installed otherwise install ipv6 proto rule only.
-    echo "ebtables -t broute -A qos $BR_RULE" >> /tmp/qos/classify.ebtables
+    echo "ebtables --concurrent -t broute -A qos $BR_RULE" >> /tmp/qos/classify.ebtables
     if [ -n "$BR6_RULE" ]; then
-        echo "ebtables -t broute -A qos $BR6_RULE" >> /tmp/qos/classify.ebtables
+        echo "ebtables --concurrent -t broute -A qos $BR6_RULE" >> /tmp/qos/classify.ebtables
     fi
 }
 
@@ -392,13 +392,13 @@ handle_ebtables_rules() {
 }
 
 create_ebtables_chains() {
-    ebtables -t broute -N qos 2> /dev/null
+    ebtables --concurrent -t broute -N qos 2> /dev/null
     ret=$?
     if [ $ret -eq 0 ]; then
-        ebtables -t broute -A BROUTING -j qos
+        ebtables --concurrent -t broute -A BROUTING -j qos
     else
-        ebtables -t broute -D BROUTING -j qos
-        ebtables -t broute -A BROUTING -j qos
+        ebtables --concurrent -t broute -D BROUTING -j qos
+        ebtables --concurrent -t broute -A BROUTING -j qos
     fi
 }
 

self-diagnostics/files/usr/share/self-diagnostics/spec/network.json

@@ -71,11 +71,11 @@
 		},
 		{
 			"description": "MAC layer firewall status list",
-			"cmd": "ebtables -L"
+			"cmd": "ebtables --concurrent -L"
 		},
 		{
 			"description": "MAC layer firewall status",
-			"cmd": "ebtables -t broute -L"
+			"cmd": "ebtables --concurrent -t broute -L"
 		},
 		{
 			"description": "QoS queue stats",

urlfilter/files/etc/init.d/urlfilter

@@ -21,7 +21,7 @@ configure_firewall()
 		iptables -w -I INPUT 2 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 
 		# disable acceleration for https packet so that they can be read by urlfilter
-		ebtables -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
 	fi
 	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
 	if [ "$?" -ne 0 ]; then
@@ -63,7 +63,7 @@ stop_service() {
 		iptables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		iptables -w -D INPUT -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 		iptables -w -D INPUT -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-		ebtables -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
+		ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
 	fi
 	ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
 	if [ "$?" -eq 0 ]; then