[PATCH] libiptc: don't set_changed() when checking rules with module jumps

Fri, 24 Feb 2017 10:16:25 -0800 

---
 libiptc/libiptc.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 2c66d04..a6e7057 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -1686,7 +1686,8 @@ iptcc_standard_map(struct rule_head *r, int verdict)
 
 static int
 iptcc_map_target(struct xtc_handle *const handle,
-          struct rule_head *r)
+          struct rule_head *r,
+          bool dry_run)
 {
        STRUCT_ENTRY *e = r->entry;
        STRUCT_ENTRY_TARGET *t = GET_TARGET(e);
@@ -1731,7 +1732,8 @@ iptcc_map_target(struct xtc_handle *const handle,
               0,
               FUNCTION_MAXNAMELEN - 1 - strlen(t->u.user.name));
        r->type = IPTCC_R_MODULE;
-       set_changed(handle);
+       if (!dry_run)
+               set_changed(handle);
        return 1;
 }
 
@@ -1781,7 +1783,7 @@ TC_INSERT_ENTRY(const IPT_CHAINLABEL chain,
        memcpy(r->entry, e, e->next_offset);
        r->counter_map.maptype = COUNTER_MAP_SET;
 
-       if (!iptcc_map_target(handle, r)) {
+       if (!iptcc_map_target(handle, r, false)) {
                free(r);
                return 0;
        }
@@ -1831,7 +1833,7 @@ TC_REPLACE_ENTRY(const IPT_CHAINLABEL chain,
        memcpy(r->entry, e, e->next_offset);
        r->counter_map.maptype = COUNTER_MAP_SET;
 
-       if (!iptcc_map_target(handle, r)) {
+       if (!iptcc_map_target(handle, r, false)) {
                free(r);
                return 0;
        }
@@ -1870,7 +1872,7 @@ TC_APPEND_ENTRY(const IPT_CHAINLABEL chain,
        memcpy(r->entry, e, e->next_offset);
        r->counter_map.maptype = COUNTER_MAP_SET;
 
-       if (!iptcc_map_target(handle, r)) {
+       if (!iptcc_map_target(handle, r, false)) {
                DEBUGP("unable to map target of rule for chain `%s'\n", chain);
                free(r);
                return 0;
@@ -1976,7 +1978,7 @@ static int delete_entry(const IPT_CHAINLABEL chain, const 
STRUCT_ENTRY *origfw,
 
        memcpy(r->entry, origfw, origfw->next_offset);
        r->counter_map.maptype = COUNTER_MAP_NOMAP;
-       if (!iptcc_map_target(handle, r)) {
+       if (!iptcc_map_target(handle, r, dry_run)) {
                DEBUGP("unable to map target of rule for chain `%s'\n", chain);
                free(r);
                return 0;
-- 
2.9.3
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to