iptables: Fix setting policy
authorDaniel Wagner <daniel.wagner@bmw-carit.de>
Wed, 6 Mar 2013 15:08:53 +0000 (16:08 +0100)
committerPatrik Flykt <patrik.flykt@linux.intel.com>
Thu, 7 Mar 2013 08:07:11 +0000 (10:07 +0200)
The policy is kept at the end of the chain, not at the beginning.
Currently, the code assumes that the builtin chain is empty.

src/iptables.c

index 6dd944e..158dcf3 100644 (file)
@@ -1054,7 +1054,7 @@ static int iptables_delete_rule(struct connman_iptables *table,
 static int iptables_change_policy(struct connman_iptables *table,
                                const char *chain_name, const char *policy)
 {
-       GList *chain_head;
+       GList *chain_head, *chain_tail;
        struct connman_iptables_entry *entry;
        struct xt_entry_target *target;
        struct xt_standard_target *t;
@@ -1072,6 +1072,11 @@ static int iptables_change_policy(struct connman_iptables *table,
        if (entry->builtin < 0)
                return -EINVAL;
 
+       chain_tail = find_chain_tail(table, chain_name);
+       if (chain_tail == NULL)
+               return -EINVAL;
+
+       entry = chain_tail->prev->data;
        target = ipt_get_target(entry->entry);
 
        t = (struct xt_standard_target *)target;
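Review bot: `chain_tail->prev` is dereferenced without a check in `entry = chain_tail->prev->data;`, so if find_chain_tail() ever returns the first node of the list this crashes instead of returning an error. The guard just above could cover it: `if (chain_tail == NULL || chain_tail->prev == NULL) return -EINVAL;`. The entry is then cast to `struct xt_standard_target` with nothing visible that confirms the element before the tail is the chain's policy entry rather than an ordinary rule. The rest of iptables_change_policy lies outside this hunk, but presumably the verdict is written through `t`, so a mismatch would leave the chain's real policy unchanged while the call reports success. A short comment stating the invariant (the policy is always the last entry before the next chain head), or a check that the target is a standard target, would make that failure visible.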