iptables: Fix is_fallthrough() check

A fallthrough rule is one which has the default target name,
does not have a verdict and is not a jump rule.

is_fallthrough() is called excluslive from the insert path,
thus the value of verdict will be 0 for a fallthrough rule.

diff --git a/src/iptables.c b/src/iptables.c
index c5776b1ca6e707edb72cc118e02eb98c279b3f40..fe5214a54c4bf81528ba4d3ea77c23aa785f6483 100644 (file)
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -301,9 +301,13 @@ static gboolean is_fallthrough(struct connman_iptables_entry *e)
        struct xt_entry_target *target;
 
        target = ipt_get_target(e->entry);
-       if (!strcmp(target->u.user.name, ""))
-               return true;
+       if (!g_strcmp0(target->u.user.name, IPT_STANDARD_TARGET)) {
+               struct xt_standard_target *t;
 
+               t = (struct xt_standard_target *)target;
+               if (t->verdict == 0)
+                       return true;
+       }
        return false;
 }