From: Daniel Wagner <[email protected]>
The flags are only valid per rule. If we don't clear them,
__connman_iptables_command() can't be called with such a rule set:
iptables -t mangle -A INPUT -j CONNMARK --restore-mark
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
(--restore-mark and --save-mark are exclusive options)
---
src/iptables.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/iptables.c b/src/iptables.c
index 16b665a..0d217b3 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1550,6 +1550,18 @@ static int iptables_command(int argc, char *argv[])
/* Default code for options parsing */
ret = -EINVAL;
+ /*
+ * Clear all flags because the flags are only valid
+ * for one rule.
+ */
+ for (xt_m = xtables_matches; xt_m != NULL; xt_m = xt_m->next)
+ xt_m->mflags = 0;
+
+ for (xt_t = xtables_targets; xt_t != NULL; xt_t = xt_t->next) {
+ xt_t->tflags = 0;
+ xt_t->used = 0;
+ }
+
/* extension's options will generate false-positives errors */
opterr = 0;
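Review bot: the new comment only mentions flags, but the second loop also resets `xt_t->used = 0;`, and neither the comment nor the commit message says why that field must be cleared along with `tflags`. Please extend the comment to cover `used`, and state whether it is intentional that the match loop clears only `mflags`. Since this is per-rule state on the global `xtables_matches` and `xtables_targets` lists, moving both loops into a small static helper called at the top of iptables_command() would keep the option-parsing setup readable and give the reset a single place to grow if more per-rule fields turn up.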
--
1.8.0.rc0
_______________________________________________
connman mailing list
[email protected]
http://lists.connman.net/listinfo/connman