iptables: Do not flush in the wrong order

author Daniel Wagner <daniel.wagner@bmw-carit.de>

Wed, 6 Mar 2013 15:08:51 +0000 (16:08 +0100)

committer Patrik Flykt <patrik.flykt@linux.intel.com>

Thu, 7 Mar 2013 08:07:09 +0000 (10:07 +0200)
author Daniel Wagner <daniel.wagner@bmw-carit.de>
Wed, 6 Mar 2013 15:08:51 +0000 (16:08 +0100)
committer Patrik Flykt <patrik.flykt@linux.intel.com>
Thu, 7 Mar 2013 08:07:09 +0000 (10:07 +0200)
diff --git a/src/iptables.c b/src/iptables.c

index 9e56d0b..3ae8417 100644 (file)
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -2310,6 +2310,14 @@ void flush_table(const char *name)
                         table->blob_entries->size,
                         flush_table_cb, &chains);
  
+
+       /*
+        * The offset update code is fragile and it works
+        * only safe if we remove elements and move forwards
+        * in the table.
+        */
+       chains = g_slist_reverse(chains);
+
         for (list = chains; list != NULL; list = list->next) {
                 char *chain = list->data;
author	Daniel Wagner <daniel.wagner@bmw-carit.de>
	Wed, 6 Mar 2013 15:08:51 +0000 (16:08 +0100)
committer	Patrik Flykt <patrik.flykt@linux.intel.com>
	Thu, 7 Mar 2013 08:07:09 +0000 (10:07 +0200)