Comment 2 for bug 1037127

Reviewed: https://review.openstack.org/11300
Committed: http://github.com/openstack/nova/commit/d141e64de98f4e7eb0493d8f0a631f071b6e6dc1
Submitter: Jenkins
Branch: master

commit d141e64de98f4e7eb0493d8f0a631f071b6e6dc1
Author: Brian Haley <email address hidden>
Date: Mon Aug 13 14:58:34 2012 -0400

    Change IPtablesManager to preserve packet:byte counts.

    Modified IPtablesManager.apply() method to save/restore chain and
    rule packet:byte counts by using the '-c' flag with iptables-save
    and iptables-restore calls. Currently they are zeroed every time
    we change something in the table. This will allow users to better
    analyze usage for instances over an extended period of time, for
    example, for billing purposes.

    Change all applicable iptables, libvirt and Xen tests to account
    for the changes made to support the packet:byte counts.

    This work uncovered two bugs in the existing implementation
    found during my testing, specifically:

    1. Fix IptablesManager to clean-up non-wrapped chains correctly,
       instead of leaving them in the kernel's table. We now keep a
       list of chains and rules we need to remove, and double-check
       in apply() that they are filtered-out.

    2. Fix IptablesManager to honor "top=True" iptables rules by only
       adding non-top rules after we've gone through all the top rules
       first.

    Implements first work item of blueprint libvirt-network-usage.

    Fixes bug 1037127 and bug 1037137.

    Change-Id: Ia5a11aabbfb45b6c16c8d94757eeaa2041785b60