From: Daniel Wagner <[email protected]>
This check does not make sense at all. We want to insert the new
rule always on the first position, that means the chain_head
points to the 'old' entry.
Adding some documentation which explains what is happening here.
---
src/iptables.c | 29 +++++++++++++++++++++--------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index adefd20..088168a 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -778,19 +778,32 @@ static struct ipt_entry *prepare_rule_inclusion(struct
connman_iptables *table,
if (new_entry == NULL)
return NULL;
- update_hooks(table, chain_head, new_entry);
-
/*
- * If the chain is builtin, and does not have any rule,
- * then the one that we're inserting is becoming the head
- * and thus needs the builtin flag.
+ * The caller needs to know if the new entry is
+ * inserted into a builtin chain or a custom chain.
+ * builtin is used to report this back.
*/
+
head = chain_head->data;
- if (head->builtin < 0)
- *builtin = -1;
- else if (chain_head == chain_tail->prev) {
+ if (head->builtin >= 0) {
+ /*
+ * Since we are going to insert the new rule
+ * as new chain head into an builtin chain
+ * we need to update all the hooks_entry and
+ * underflow.
+ */
+
+ update_hooks(table, chain_head, new_entry);
+
+ /*
+ * The new entry needs gets the builtin marker
+ * the previous chain head needs to be reseted.
+ */
*builtin = head->builtin;
head->builtin = -1;
+ } else {
+ /* This is a custom chain. */
+ *builtin = -1;
}
return new_entry;
--
1.8.1.3.566.gaa39828
_______________________________________________
connman mailing list
[email protected]
http://lists.connman.net/listinfo/connman
