Fix xtables_lock message probe

- iptables pkg functions are coded to discard
  the xtables_lock error message about acquiring
  the lock, because all the calls are done with
  the wait logic. But the error message has
  slightly changed between iptables 1.4.x and 1.6.
  This lead to false positives causing docker
  network create to fil in presence of concurrent calls.
- Fixed message mark to be common among the two main versions.

Signed-off-by: Alessandro Boch <aboch@docker.com>

libnetwork/iptables/iptables.go

@@ -45,6 +45,7 @@ var (
 	iptablesPath  string
 	supportsXlock = false
 	supportsCOpt  = false
+	xLockWaitMsg  = "Another app is currently holding the xtables lock; waiting"
 	// used to lock iptables commands if xtables lock is not supported
 	bestEffortLock sync.Mutex
 	// ErrIptablesNotFound is returned when the rule is not found.
@@ -402,7 +403,7 @@ func raw(args ...string) ([]byte, error) {
 	}
 
 	// ignore iptables' message about xtables lock
-	if strings.Contains(string(output), "waiting for it to exit") {
+	if strings.Contains(string(output), xLockWaitMsg) {
 		output = []byte("")
 	}