X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fiptables.c;h=7c62ec3d74f87417c6d107729f48eb37e60b229a;hb=791e46222bd1d67bc21182a930a119a910a86c6f;hp=5b6b5906e761ea67ccbe0e3d72cdfc58a327da8f;hpb=b9290c399cbf0e7e84c39593b2a981dae1a856c9;p=framework%2Fconnectivity%2Fconnman.git

diff --git a/src/iptables.c b/src/iptables.c
index 5b6b590..7c62ec3 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -696,7 +696,10 @@ static int iptables_insert_rule(struct connman_iptables *table,
 	if (new_entry == NULL)
 		return -EINVAL;
 
-	ret = iptables_add_entry(table, new_entry, chain_head->next, builtin);
+	if (builtin == -1)
+		chain_head = chain_head->next;
+
+	ret = iptables_add_entry(table, new_entry, chain_head, builtin);
 	if (ret < 0)
 		g_free(new_entry);
 
@@ -1466,6 +1469,43 @@ done:
 	return xt_m;
 }
 
+static int parse_ip_and_mask(const char *str, struct in_addr *ip, struct in_addr *mask)
+{
+	char **tokens;
+	uint32_t prefixlength;
+	uint32_t tmp;
+	int err;
+
+	tokens = g_strsplit(str, "/", 2);
+	if (tokens == NULL)
+		return -1;
+
+	if (!inet_pton(AF_INET, tokens[0], ip)) {
+		err = -1;
+		goto out;
+	}
+
+	if (tokens[1] != NULL) {
+		prefixlength = strtol(tokens[1], NULL, 10);
+		if (prefixlength > 31) {
+			err = -1;
+			goto out;
+		}
+
+		tmp = ~(0xffffffff >> prefixlength);
+	} else {
+		tmp = 0xffffffff;
+	}
+
+	mask->s_addr = htonl(tmp);
+	ip->s_addr = ip->s_addr & mask->s_addr;
+	err = 0;
+out:
+	g_strfreev(tokens);
+
+	return err;
+}
+
 static int iptables_command(int argc, char *argv[])
 {
 	struct connman_iptables *table;
@@ -1477,7 +1517,6 @@ static int iptables_command(int argc, char *argv[])
 	char *flush_chain, *delete_chain, *policy;
 	int c, ret, in_len, out_len;
 	gboolean dump, invert, insert, delete, compare;
-	struct in_addr src, dst;
 
 	if (argc == 0)
 		return -EINVAL;
@@ -1566,12 +1605,9 @@ static int iptables_command(int argc, char *argv[])
 			break;
 
 		case 'd':
-			if (!inet_pton(AF_INET, optarg, &dst))
+			if (!parse_ip_and_mask(optarg, &ip.dst, &ip.dmsk))
 				break;
 
-			ip.dst = dst;
-			inet_pton(AF_INET, "255.255.255.255", &ip.dmsk);
-
 			if (invert)
 				ip.invflags |= IPT_INV_DSTIP;
 
@@ -1622,12 +1658,9 @@ static int iptables_command(int argc, char *argv[])
 			break;
 
 		case 's':
-			if (!inet_pton(AF_INET, optarg, &src))
+			if (!parse_ip_and_mask(optarg, &ip.src, &ip.smsk))
 				break;
 
-			ip.src = src;
-			inet_pton(AF_INET, "255.255.255.255", &ip.smsk);
-
 			if (invert)
 				ip.invflags |= IPT_INV_SRCIP;