From: Daniel Wagner <[email protected]>

Commit ba052f1f "iptables: Add split out iptables commands"
introduced a bug. __connman_iptables_append() should
call iptables_append_rule() instead of iptables_insert_rule().
---
 src/iptables.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/src/iptables.c b/src/iptables.c
index 734ebc1..ea2a52b 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -796,7 +796,7 @@ static struct ipt_entry *prepare_rule_inclusion(struct 
connman_iptables *table,
        return new_entry;
 }
 
-static int iptables_insert_rule(struct connman_iptables *table,
+static int iptables_append_rule(struct connman_iptables *table,
                                struct ipt_ip *ip, const char *chain_name,
                                const char *target_name,
                                struct xtables_target *xt_t,
@@ -804,10 +804,10 @@ static int iptables_insert_rule(struct connman_iptables 
*table,
 {
        struct ipt_entry *new_entry;
        int builtin = -1, ret;
-       GList *chain_head;
+       GList *chain_tail;
 
-       chain_head = find_chain_head(table, chain_name);
-       if (chain_head == NULL)
+       chain_tail = find_chain_tail(table, chain_name);
+       if (chain_tail == NULL)
                return -EINVAL;
 
        new_entry = prepare_rule_inclusion(table, ip, chain_name,
@@ -815,10 +815,7 @@ static int iptables_insert_rule(struct connman_iptables 
*table,
        if (new_entry == NULL)
                return -EINVAL;
 
-       if (builtin == -1)
-               chain_head = chain_head->next;
-
-       ret = iptables_add_entry(table, new_entry, chain_head, builtin);
+       ret = iptables_add_entry(table, new_entry, chain_tail->prev, builtin);
        if (ret < 0)
                g_free(new_entry);
 
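Review bot: `chain_tail->prev` is handed to iptables_add_entry() with no comment on what find_chain_tail() returns or why the entry before it is the right insertion point, and `prev` is dereferenced into the call without a NULL check. Since iptables evaluates rules in order, an off-by-one here changes which rule matches first, so the intent should be written down, e.g. `/* insert before the chain's last entry so the new rule ends up at the end of the chain */`, with the wording checked against find_chain_tail(), which is outside this hunk. It is also worth confirming that `builtin` (initialised to -1 in the previous hunk, presumably set by prepare_rule_inclusion(), whose call is cut off there) is not computed as for a head insert. If it is, an append to a built-in chain could mark the new entry as the chain's hook entry.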
@@ -2185,7 +2182,7 @@ int __connman_iptables_append(const char *table_name,
        else
                target_name = ctx->xt_t->name;
 
-       err = iptables_insert_rule(table, ctx->ip, chain,
+       err = iptables_append_rule(table, ctx->ip, chain,
                                target_name, ctx->xt_t, ctx->xt_rm);
 out:
        cleanup_parse_context(ctx);
-- 
1.8.1.3.566.gaa39828
