use a fresh client for requesting vif and ip

in the callback to "Xs_client.wait", all operations are tracked and new watches
are installed (that are never removed, due to xenstore's xs_handle
"accessed_path" never removes any elements of the "accessed_paths" (a mutable
StringSet). So, whatever is done in the callback of wait needs to take care
(if returning EAGAIN and thus forcing xenstore to continue waiting/watching)
that accesses are tracked.

Our way out is to create a fresh client and read the IP address with that new
client -> the watcher isn't extended -> no dangling (leaking) watches, and no
leaking only-expanding StringSet.

dao.ml

@@ -65,11 +65,12 @@ let read_rules rules client_ip =
                              icmp_type = None;
                              number = 0;})]
 
-let vifs ~handle domid =
+let vifs client domid =
   match String.to_int domid with
   | None -> Log.err (fun f -> f "Invalid domid %S" domid); Lwt.return []
   | Some domid ->
     let path = Printf.sprintf "backend/vif/%d" domid in
+    Xen_os.Xs.immediate client (fun handle ->
         directory ~handle path >>=
         Lwt_list.filter_map_p (fun device_id ->
             match String.to_int device_id with
@@ -101,7 +102,7 @@ let vifs ~handle domid =
                                 ClientVif.pp vif (Printexc.to_string ex));
                     Lwt.return None
                 )
-      )
+          ))
 
 let watch_clients fn =
   Xen_os.Xs.make () >>= fun xs ->
@@ -114,7 +115,8 @@ let watch_clients fn =
         | Xs_protocol.Enoent _ -> Lwt.return []
         | ex -> Lwt.fail ex)
     end >>= fun items ->
-    Lwt_list.map_p (vifs ~handle) items >>= fun items ->
+    Xen_os.Xs.make () >>= fun xs ->
+    Lwt_list.map_p (vifs xs) items >>= fun items ->
     fn (List.concat items |> VifMap.of_list);
     (* Wait for further updates *)
     Lwt.fail Xs_protocol.Eagain