gluon-radv-filterd: Use ebtables locking

This enables the ebtables internal locking mechanism which will avoid race
conditions between multiple, concurrent ebtables calls.

Signed-off-by: Sven Eckelmann <sven@narfation.org>

package/gluon-radv-filterd/src/gluon-radv-filterd.c

@@ -168,11 +168,11 @@ static void cleanup(void) {
 	if (G.chain) {
 		/* Reset chain to accept everything again */
 		if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
-				{ "ebtables", "-F", G.chain, NULL }))
+				{ "ebtables", "--concurrent", "-F", G.chain, NULL }))
 			DEBUG_MSG("warning: flushing ebtables chain %s failed, not adding a new rule", G.chain);
 
 		if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
-				{ "ebtables", "-A", G.chain, "-j", "ACCEPT", NULL }))
+				{ "ebtables", "--concurrent", "-A", G.chain, "-j", "ACCEPT", NULL }))
 			DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain);
 	}
 }
@@ -720,10 +720,10 @@ static void update_ebtables(void) {
 	G.best_router = router;
 
 	if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
-			{ "ebtables", "-F", G.chain, NULL }))
+			{ "ebtables", "--concurrent", "-F", G.chain, NULL }))
 		error_message(0, 0, "warning: flushing ebtables chain %s failed, not adding a new rule", G.chain);
 	else if (fork_execvp_timeout(&timeout, "ebtables", (const char *[])
-			{ "ebtables", "-A", G.chain, "-s", mac, "-j", "ACCEPT", NULL }))
+			{ "ebtables", "--concurrent", "-A", G.chain, "-s", mac, "-j", "ACCEPT", NULL }))
 		error_message(0, 0, "warning: adding new rule to ebtables chain %s failed", G.chain);
 }
 

package/gluon-radv-filterd/src/respondd.c

@@ -8,7 +8,7 @@
 #include "mac.h"
 
 static struct json_object * get_radv_filter() {
-	FILE *f = popen("exec ebtables -L RADV_FILTER", "r");
+	FILE *f = popen("exec ebtables --concurrent -L RADV_FILTER", "r");
 	char *line = NULL;
 	size_t len = 0;
 	struct ether_addr mac = {};