I have a case where the init_firewall() is failing. After some digging
I've found that iptables_replace() is failing. My assumption here is that
iptables_replace() is returning the wrong error code, it should be
returning errno. My assumption is based on the caller
__connman_firewall_enable() reporting the error using strerror(-err) which
with the current code will always be 1; therefore I assume errno was the
expected result. While there I made the same change to
iptables_get_entries() even though the only caller currently does not use
the return code for error reporting.
diff --git a/src/iptables.c b/src/iptables.c
index 49434be..3d286b7 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1380,18 +1380,27 @@ static void dump_ipt_replace(struct ipt_replace
*repl)
static int iptables_get_entries(struct connman_iptables *table)
{
socklen_t entry_size;
+ int err;
entry_size = sizeof(struct ipt_get_entries) + table->info->size;
- return getsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_GET_ENTRIES,
- table->blob_entries, &entry_size);
+ err = getsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_GET_ENTRIES,
+ table->blob_entries, &entry_size);
+ if (err < 0)
+ return -errno;
+
+ return 0;
}
static int iptables_replace(struct connman_iptables *table,
struct ipt_replace *r)
{
- return setsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_SET_REPLACE,
r,
- sizeof(*r) + r->size);
+ int err = setsockopt(table->ipt_sock, IPPROTO_IP,
IPT_SO_SET_REPLACE, r,
+ sizeof(*r) + r->size);
+ if (err < 0)
+ return -errno;
+
+ return 0;
}
static int add_entry(struct ipt_entry *entry, int builtin, unsigned int
hook,
_______________________________________________
connman mailing list
[email protected]
https://lists.connman.net/mailman/listinfo/connman
