From: Daniel Wagner <[email protected]>
Also rename a few variables to make this function more readable.
This is in preparation for the next fix.
---
src/iptables.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index 135577a..dd196c3 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -803,8 +803,8 @@ static int iptables_insert_rule(struct connman_iptables
*table,
struct xtables_rule_match *xt_rm)
{
struct ipt_entry *new_entry;
- int builtin = -1, ret;
- GList *chain_head;
+ GList *chain_head, *before;
+ int builtin, ret;
chain_head = find_chain_head(table, chain_name);
if (chain_head == NULL)
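Review bot: Dropping the `= -1` initializer from `builtin` in this declaration leaves it indeterminate unless the code between the two hunks assigns it on every path. The second hunk then tests `builtin >= 0`, and its comment still treats -1 as the custom-chain case. The assignment is not visible in this patch; presumably it happens through an out-parameter of the helper that builds `new_entry`. If that helper writes it only on some paths, the choice of `before`, and so the position of the new rule in an order-sensitive firewall chain, would depend on uninitialized stack data. Keeping `int builtin = -1, ret;` preserves the old default. The function body starts and ends outside this hunk.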
@@ -815,10 +815,20 @@ static int iptables_insert_rule(struct connman_iptables
*table,
if (new_entry == NULL)
return -EINVAL;
- if (builtin == -1)
- chain_head = chain_head->next;
+ /*
+ * When builtin is -1, that means this a custom chain
+ * and therefore the first element has to stay, it contains
+ * the chains name (error entry)
+ *
+ * If builtin is >= 0, then this is a builtin chain,
+ * so we insert the new rule before the current entry.
+ */
+ if (builtin >= 0)
+ before = chain_head;
+ else
+ before = chain_head->next;
- ret = iptables_add_entry(table, new_entry, chain_head, builtin);
+ ret = iptables_add_entry(table, new_entry, before, builtin);
if (ret < 0)
g_free(new_entry);
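Review bot: The new block comment has two wording slips: `this a custom chain` should read `this is a custom chain`, and `the chains name` should read `the chain's name`. It also spells out the insertion point only for the builtin case. For the custom case it would help to add something like `so the new rule goes right after the error entry`, assuming that is what passing `chain_head->next` as `before` achieves. The function body continues outside the hunk.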
--
1.8.1.3.566.gaa39828