From: Daniel Wagner <[email protected]>
We need to see a bit more in detail what happens when
CONNMAN_IPTABLES_DEBUG is not set, for example the removing/flushing
during bootup.
Also remove the DBG() from parse_rule_spec() because all callers
already have a DBG(). So not much additional information here.
---
src/iptables.c | 37 +++++++++++++++++++++++++++----------
1 file changed, 27 insertions(+), 10 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index 6564cd7..6cf002f 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -160,6 +160,7 @@ struct connman_iptables_entry {
};
struct connman_iptables {
+ char *name;
int ipt_sock;
struct ipt_getinfo *info;
@@ -523,6 +524,8 @@ static int iptables_flush_chain(struct connman_iptables
*table,
struct connman_iptables_entry *entry;
int builtin, removed = 0;
+ DBG("table %s chain %s", table->name, name);
+
chain_head = find_chain_head(table, name);
if (chain_head == NULL)
return -EINVAL;
@@ -588,6 +591,8 @@ static int iptables_add_chain(struct connman_iptables
*table,
struct ipt_standard_target *standard;
u_int16_t entry_head_size, entry_return_size;
+ DBG("table %s chain %s", table->name, name);
+
last = g_list_last(table->entries);
/*
@@ -655,6 +660,8 @@ static int iptables_delete_chain(struct connman_iptables
*table,
struct connman_iptables_entry *entry;
GList *chain_head, *chain_tail;
+ DBG("table %s chain %s", table->name, name);
+
chain_head = find_chain_head(table, name);
if (chain_head == NULL)
return -EINVAL;
@@ -819,6 +826,8 @@ static int iptables_insert_rule(struct connman_iptables
*table,
GList *chain_head, *before;
int builtin, ret;
+ DBG("table %s chain %s", table->name, chain_name);
+
chain_head = find_chain_head(table, chain_name);
if (chain_head == NULL)
return -EINVAL;
@@ -1019,6 +1028,8 @@ static int iptables_delete_rule(struct connman_iptables
*table,
GList *chain_head, *chain_tail, *list;
int builtin, removed;
+ DBG("table %s chain %s", table->name, chain_name);
+
removed = 0;
chain_head = find_chain_head(table, chain_name);
@@ -1083,6 +1094,8 @@ static int iptables_change_policy(struct connman_iptables
*table,
struct xt_standard_target *t;
int verdict;
+ DBG("table %s chain %s policy %s", table->name, chain_name, policy);
+
verdict = target_to_verdict(policy);
if (verdict == 0)
return -EINVAL;
@@ -1390,6 +1403,7 @@ static void table_cleanup(struct connman_iptables *table)
}
g_list_free(table->entries);
+ g_free(table->name);
g_free(table->info);
g_free(table->blob_entries);
g_free(table);
@@ -1418,10 +1432,6 @@ static struct connman_iptables *iptables_init(const char
*table_name)
g_free(module);
- table = g_hash_table_lookup(table_hash, table_name);
- if (table != NULL)
- return table;
-
table = g_try_new0(struct connman_iptables, 1);
if (table == NULL)
return NULL;
@@ -1468,8 +1478,6 @@ static struct connman_iptables *iptables_init(const char
*table_name)
table->info->underflow, table->blob_entries->size,
add_entry, table);
- g_hash_table_insert(table_hash, g_strdup(table_name), table);
-
if (debug_enabled == TRUE)
dump_table(table);
@@ -1683,7 +1691,18 @@ static struct connman_iptables *pre_load_table(const
char *table_name,
if (table != NULL)
return table;
- return iptables_init(table_name);
+ table = g_hash_table_lookup(table_hash, table_name);
+ if (table != NULL)
+ return table;
+
+ table = iptables_init(table_name);
+ if (table == NULL)
+ return NULL;
+
+ table->name = g_strdup(table_name);
+ g_hash_table_replace(table_hash, table->name, table);
+
+ return table;
}
struct parse_context {
@@ -1861,8 +1880,6 @@ static int parse_rule_spec(struct connman_iptables *table,
connman_bool_t invert = FALSE;
int len, c, err;
- DBG("");
-
ctx->ip = g_try_new0(struct ipt_ip, 1);
if (ctx->ip == NULL)
return -ENOMEM;
@@ -2283,7 +2300,7 @@ int __connman_iptables_init(void)
debug_enabled = TRUE;
table_hash = g_hash_table_new_full(g_str_hash, g_str_equal,
- g_free, remove_table);
+ NULL, remove_table);
xtables_init_all(&iptables_globals, NFPROTO_IPV4);
--
1.8.1.3.566.gaa39828
_______________________________________________
connman mailing list
[email protected]
http://lists.connman.net/listinfo/connman
