From: Daniel Wagner <[email protected]>
The function does not append, it inserts the rule at the first
position.
---
src/connman.h | 2 +-
src/iptables.c | 4 ++--
src/nat.c | 2 +-
unit/test-iptables.c | 16 ++++++++--------
4 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/connman.h b/src/connman.h
index fc6d528..15a8f91 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -799,7 +799,7 @@ int __connman_iptables_flush_chain(const char *table_name,
int __connman_iptables_change_policy(const char *table_name,
const char *chain,
const char *policy);
-int __connman_iptables_append(const char *table_name,
+int __connman_iptables_insert(const char *table_name,
const char *chain,
const char *rule_spec);
int __connman_iptables_delete(const char *table_name,
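Review bot: The renamed prototype `__connman_iptables_insert` still has no comment saying where in the chain the rule lands, which is the very point this commit corrects. Rule order decides which rule matches first, so callers need to know the new rule goes ahead of everything already in the chain. I would add `/* Inserts rule_spec at the first position of chain (iptables -I), so it is evaluated before existing rules. */` above the declaration.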
diff --git a/src/iptables.c b/src/iptables.c
index e20c749..9186b63 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -2106,7 +2106,7 @@ int __connman_iptables_change_policy(const char
*table_name,
return iptables_change_policy(table, chain, policy);
}
-int __connman_iptables_append(const char *table_name,
+int __connman_iptables_insert(const char *table_name,
const char *chain,
const char *rule_spec)
{
@@ -2119,7 +2119,7 @@ int __connman_iptables_append(const char *table_name,
if (ctx == NULL)
return -ENOMEM;
- DBG("-t %s -A %s %s", table_name, chain, rule_spec);
+ DBG("-t %s -I %s %s", table_name, chain, rule_spec);
err = prepare_getopt_args(rule_spec, ctx);
if (err < 0)
diff --git a/src/nat.c b/src/nat.c
index 5447eb7..db7b84d 100644
--- a/src/nat.c
+++ b/src/nat.c
@@ -73,7 +73,7 @@ static int enable_nat(struct connman_nat *nat)
nat->address,
nat->prefixlen,
nat->interface);
- err = __connman_iptables_append("nat", "POSTROUTING", cmd);
+ err = __connman_iptables_insert("nat", "POSTROUTING", cmd);
g_free(cmd);
if (err < 0)
return err;
diff --git a/unit/test-iptables.c b/unit/test-iptables.c
index 49b05e0..df4ffaa 100644
--- a/unit/test-iptables.c
+++ b/unit/test-iptables.c
@@ -119,7 +119,7 @@ static void test_iptables_rule0(void)
/* Test simple appending and removing a rule */
- err = __connman_iptables_append("filter", "INPUT",
+ err = __connman_iptables_insert("filter", "INPUT",
"-m mark --mark 1 -j LOG");
g_assert(err == 0);
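Review bot: The comment above the renamed call in test_iptables_rule0 still reads "Test simple appending and removing a rule", which now contradicts the function name. Change it to `/* Test simple inserting and removing a rule */` so the test describes what it exercises. The test body continues outside the hunk.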
@@ -141,7 +141,7 @@ static void test_iptables_rule1(void)
/* Test if we can do NAT stuff */
- err = __connman_iptables_append("nat", "POSTROUTING",
+ err = __connman_iptables_insert("nat", "POSTROUTING",
"-s 10.10.1.0/24 -o eth0 -j MASQUERADE");
err = __connman_iptables_commit("nat");
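Review bot: In test_iptables_rule1 the return value of `__connman_iptables_insert` is overwritten by the following `__connman_iptables_commit("nat")` call without being checked. A failed insert of the MASQUERADE rule would therefore go unnoticed as long as the commit succeeds. Add `g_assert(err == 0);` directly after the insert call, matching the pattern in test_iptables_rule0 and test_iptables_rule2. The rest of the function lies outside the hunk.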
@@ -160,14 +160,14 @@ static void test_iptables_rule2(void)
/* Test if the right rule is removed */
- err = __connman_iptables_append("filter", "INPUT",
+ err = __connman_iptables_insert("filter", "INPUT",
"-m mark --mark 1 -j LOG");
g_assert(err == 0);
err = __connman_iptables_commit("filter");
g_assert(err == 0);
- err = __connman_iptables_append("filter", "INPUT",
+ err = __connman_iptables_insert("filter", "INPUT",
"-m mark --mark 2 -j LOG");
g_assert(err == 0);
@@ -195,11 +195,11 @@ static void test_iptables_target0(void)
/* Test if 'fallthrough' targets work */
- err = __connman_iptables_append("filter", "INPUT",
+ err = __connman_iptables_insert("filter", "INPUT",
"-m mark --mark 1");
g_assert(err == 0);
- err = __connman_iptables_append("filter", "INPUT",
+ err = __connman_iptables_insert("filter", "INPUT",
"-m mark --mark 2");
g_assert(err == 0);
@@ -252,7 +252,7 @@ static void test_nat_basic0(void)
g_assert(err == 0);
/* test that table is empty */
- err = __connman_iptables_append("nat", "POSTROUTING",
+ err = __connman_iptables_insert("nat", "POSTROUTING",
"-s 192.168.2.1/24 -o eth0 -j
MASQUERADE");
g_assert(err == 0);
@@ -276,7 +276,7 @@ static void test_nat_basic1(void)
g_assert(err == 0);
/* test that table is not empty */
- err = __connman_iptables_append("nat", "POSTROUTING",
+ err = __connman_iptables_insert("nat", "POSTROUTING",
"-s 192.168.2.1/24 -o eth0 -j
MASQUERADE");
g_assert(err == 0);
--
1.8.1.3.566.gaa39828