From 05ae1fe8a02326a7cdae03fe73dc5936bc114dda Mon Sep 17 00:00:00 2001
From: Samuel Ortiz <sameo@linux.intel.com>
Date: Fri, 12 Nov 2010 00:20:22 +0100
Subject: [PATCH] iptables-test: Fix builtin chain rule addition

---
 tools/iptables-test.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/tools/iptables-test.c b/tools/iptables-test.c
index ef5f9a4..5634eae 100644
--- a/tools/iptables-test.c
+++ b/tools/iptables-test.c
@@ -553,6 +553,7 @@ static void update_hooks(struct connman_iptables *table, GList *chain_head, stru
 			continue;
 
 		table->hook_entry[builtin] += entry->next_offset;
+		table->underflow[builtin] += entry->next_offset;
 	}
 }
 
@@ -563,6 +564,8 @@ connman_iptables_add_rule(struct connman_iptables *table, char *chain_name,
 {
 	GList *chain_tail, *chain_head;
 	struct ipt_entry *new_entry;
+	struct connman_iptables_entry *head;
+	int builtin = -1;
 
 	chain_head = find_chain_head(table, chain_name);
 	if (chain_head == NULL)
@@ -580,7 +583,20 @@ connman_iptables_add_rule(struct connman_iptables *table, char *chain_name,
 
 	update_hooks(table, chain_head, new_entry);
 
-	return connman_add_entry(table, new_entry, chain_tail, -1);
+	/*
+	 * If the chain is builtin, and does not have any rule,
+	 * then the one that we're inserting is becoming the head
+	 * and thus needs the builtin flag.
+	 */
+	head = chain_head->data;
+	if (head->builtin < 0)
+		builtin = -1;
+	else if (chain_head == chain_tail->prev) {
+		head->builtin = -1;
+		builtin = head->builtin;
+	}
+
+	return connman_add_entry(table, new_entry, chain_tail->prev, builtin);
 }
 
 static struct ipt_replace *
-- 
2.7.4