Name: stc-iptables
Summary: STC(Smart Traffic Control) iptables
-Version: 0.0.5
+Version: 0.0.6
Release: 0
Group: Network & Connectivity/Other
License: GPL-2.0+
{
ip6t_entry_t *e = NULL;
ip6t_entry_target_t *target = NULL;
+ unsigned int size_mask = 0;
unsigned int size_match = 0;
- if (!rule->chain || !rule->ifname ||
- (rule->classid < 0) || !rule->nfacct_name) {
+ if (!rule->chain || !rule->ifname) {
STC_LOGE("Invalid parameters");
return STC_ERROR_INVALID_PARAMETER;
}
e = (ip6t_entry_t *)(entry);
/* entry size */
- e->target_offset = SIZE_ENTRY + SIZE_CGROUP_MATCH + SIZE_NFACCT_MATCH;
- e->next_offset = SIZE_TOTAL;
+ e->target_offset = SIZE_ENTRY;
+ e->next_offset = SIZE_ENTRY;
+ size_mask = sizeof(ip6t_entry_t);
switch (rule->type) {
case IP6TABLES_RULE_IN:
return STC_ERROR_INVALID_PARAMETER;
}
- size_match = __add_cgroup_match(rule->classid, (ip6t_entry_match_t *) e->elems);
- size_match += __add_nfacct_match(rule->nfacct_name, (ip6t_entry_match_t *) (e->elems + size_match));
+ if (rule->classid > 0) {
+ size_match += __add_cgroup_match(rule->classid, (ip6t_entry_match_t *) e->elems);
+ size_mask += sizeof(ip6t_entry_match_t);
+ e->target_offset += SIZE_CGROUP_MATCH;
+ e->next_offset += SIZE_CGROUP_MATCH;
+ }
+
+ if (rule->nfacct_name) {
+ size_match += __add_nfacct_match(rule->nfacct_name, (ip6t_entry_match_t *) (e->elems + size_match));
+ size_mask += sizeof(ip6t_entry_match_t);
+ e->target_offset += SIZE_NFACCT_MATCH;
+ e->next_offset += SIZE_NFACCT_MATCH;
+ }
/* target => "-j ACCEPT" */
target = (ip6t_entry_target_t *) (e->elems + size_match);
target->u.target_size = SIZE_TARGET;
- if (rule->target)
+ if (rule->target) {
strncpy(target->u.user.name, rule->target, sizeof(target->u.user.name));
+ e->next_offset += SIZE_TARGET;
+ }
- memset(mask, 0xFF, sizeof(ip6t_entry_t) +
- sizeof(ip6t_entry_match_t) + sizeof(ip6t_entry_match_t));
+ memset(mask, 0xFF, size_mask);
return STC_ERROR_NONE;
}
{
ipt_entry_t *e = NULL;
ipt_entry_target_t *target = NULL;
+ unsigned int size_mask = 0;
unsigned int size_match = 0;
- if (!rule->chain || !rule->ifname ||
- (rule->classid < 0) || !rule->nfacct_name) {
+ if (!rule->chain || !rule->ifname) {
STC_LOGE("Invalid parameters");
return STC_ERROR_INVALID_PARAMETER;
}
e = (ipt_entry_t *)(entry);
/* entry size */
- e->target_offset = SIZE_ENTRY + SIZE_CGROUP_MATCH + SIZE_NFACCT_MATCH;
- e->next_offset = SIZE_TOTAL;
+ e->target_offset = SIZE_ENTRY;
+ e->next_offset = SIZE_ENTRY;
+ size_mask = sizeof(ipt_entry_t);
switch (rule->type) {
case IPTABLES_RULE_IN:
return STC_ERROR_INVALID_PARAMETER;
}
- size_match = __add_cgroup_match(rule->classid, (ipt_entry_match_t *) e->elems);
- size_match += __add_nfacct_match(rule->nfacct_name, (ipt_entry_match_t *) (e->elems + size_match));
+ if (rule->classid > 0) {
+ size_match += __add_cgroup_match(rule->classid, (ipt_entry_match_t *) e->elems);
+ size_mask += sizeof(ipt_entry_match_t);
+ e->target_offset += SIZE_CGROUP_MATCH;
+ e->next_offset += SIZE_CGROUP_MATCH;
+ }
+
+ if (rule->nfacct_name) {
+ size_match += __add_nfacct_match(rule->nfacct_name, (ipt_entry_match_t *) (e->elems + size_match));
+ size_mask += sizeof(ipt_entry_match_t);
+ e->target_offset += SIZE_NFACCT_MATCH;
+ e->next_offset += SIZE_NFACCT_MATCH;
+ }
/* target => "-j ACCEPT" */
target = (ipt_entry_target_t *) (e->elems + size_match);
target->u.target_size = SIZE_TARGET;
- if (rule->target)
+ if (rule->target) {
strncpy(target->u.user.name, rule->target, sizeof(target->u.user.name));
+ e->next_offset += SIZE_TARGET;
+ }
- memset(mask, 0xFF, sizeof(ipt_entry_t) +
- sizeof(ipt_entry_match_t) + sizeof(ipt_entry_match_t));
+ memset(mask, 0xFF, size_mask);
return STC_ERROR_NONE;
}