+ ret = produce_iface_rule(rule);
+
+ return ret;
+}
+
+static stc_error_e append_iptables_cmd(GSList **iptables_list, nfacct_rule_s *rule)
+{
+ iptables_rule_s *iptables_rule = NULL;
+
+ iptables_rule = MALLOC0(iptables_rule_s, 1);
+ if (!iptables_rule)
+ return STC_ERROR_OUT_OF_MEMORY;
+
+ iptables_rule->nfacct_name = g_strdup(rule->name);
+ iptables_rule->ifname = g_strdup(rule->ifname);
+ iptables_rule->target = g_strdup(get_iptables_jump(rule->jump));
+ iptables_rule->chain = g_strdup(get_iptables_chain(rule->classid,
+ rule->iotype, rule->app_state, rule->intend));
+ if (rule->classid < STC_RESERVED_CLASSID_MAX)
+ iptables_rule->classid = STC_UNKNOWN_CLASSID;
+ else
+ iptables_rule->classid = rule->classid;
+ iptables_rule->direction = (rule->iotype & NFACCT_COUNTER_IN) ?
+ IPTABLES_DIRECTION_IN : IPTABLES_DIRECTION_OUT;
+
+ *iptables_list = g_slist_append(*iptables_list, iptables_rule);
+
+ return STC_ERROR_NONE;
+}
+
+static void iptables_list_free(gpointer value)
+{
+ iptables_rule_s *iptables_rule = (iptables_rule_s *)value;
+
+ g_free(iptables_rule->chain);
+ g_free(iptables_rule->nfacct_name);
+ g_free(iptables_rule->ifname);
+ g_free(iptables_rule->target);
+ g_free(iptables_rule);
+}
+
+API stc_error_e produce_net_list(GSList *rule_list,
+ nfacct_rule_iptype iptype, nfacct_rule_action action)
+{
+ GSList *list = NULL;
+ GSList *iptables_list = NULL;
+ stc_error_e ret = STC_ERROR_NONE;
+
+ for (list = rule_list; list; list = list->next) {
+ nfacct_rule_s *rule = list->data;
+
+ if (rule->action == NFACCT_ACTION_APPEND &&
+ rule->intend == NFACCT_WARN &&
+ !rule->send_limit && !rule->rcv_limit)
+ continue;
+
+ generate_counter_name(rule);
+ if (rule->action != NFACCT_ACTION_DELETE) {
+ ret = nfacct_send_del(rule);
+ if (ret != STC_ERROR_NONE)
+ continue;
+
+ ret = nfacct_send_new(rule);
+ if (ret != STC_ERROR_NONE)
+ continue;
+ }
+
+ append_iptables_cmd(&iptables_list, rule);
+ }
+
+ if (action == NFACCT_ACTION_INSERT ||
+ action == NFACCT_ACTION_APPEND)
+ ret = iptables_add_list(iptables_list, iptype);
+ else if (action == NFACCT_ACTION_DELETE)
+ ret = iptables_remove_list(iptables_list, iptype);
+
+ for (list = rule_list; list; list = list->next) {
+ nfacct_rule_s *rule = list->data;
+
+ if (rule->action == NFACCT_ACTION_DELETE)
+ nfacct_send_del(rule);
+ }