From 45dc769c96c758d63401aeb8cb42cba87179020b Mon Sep 17 00:00:00 2001
From: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Date: Thu, 27 Oct 2011 10:24:59 +0300
Subject: [PATCH] tools: Add iptables_test builtin chain policy changes

---
 tools/iptables-test.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 50 insertions(+), 3 deletions(-)

diff --git a/tools/iptables-test.c b/tools/iptables-test.c
index 7057723..fe90e0e 100644
--- a/tools/iptables-test.c
+++ b/tools/iptables-test.c
@@ -868,6 +868,35 @@ static int connman_iptables_delete_rule(struct connman_iptables *table,
 	return 0;
 }
 
+static int connman_iptables_change_policy(struct connman_iptables *table,
+						char *chain_name, char *policy)
+{
+	GList *chain_head;
+	struct connman_iptables_entry *entry;
+	struct xt_entry_target *target;
+	struct xt_standard_target *t;
+	int verdict;
+
+	verdict = target_to_verdict(policy);
+	if (verdict == 0)
+		return -EINVAL;
+
+	chain_head = find_chain_head(table, chain_name);
+	if (chain_head == NULL)
+		return -EINVAL;
+
+	entry = chain_head->data;
+	if (entry->builtin < 0)
+		return -EINVAL;
+
+	target = ipt_get_target(entry->entry);
+
+	t = (struct xt_standard_target *)target;
+	t->verdict = verdict;
+
+	return 0;
+}
+
 static struct ipt_replace *connman_iptables_blob(struct connman_iptables *table)
 {
 	struct ipt_replace *r;
@@ -1214,6 +1243,7 @@ static struct option connman_iptables_opts[] = {
 	{.name = "insert",        .has_arg = 1, .val = 'I'},
 	{.name = "list",          .has_arg = 2, .val = 'L'},
 	{.name = "new-chain",     .has_arg = 1, .val = 'N'},
+	{.name = "policy",        .has_arg = 1, .val = 'P'},
 	{.name = "delete-chain",  .has_arg = 1, .val = 'X'},
 	{.name = "destination",   .has_arg = 1, .val = 'd'},
 	{.name = "in-interface",  .has_arg = 1, .val = 'i'},
@@ -1382,7 +1412,7 @@ int main(int argc, char *argv[])
 	struct xtables_target *xt_t;
 	struct ipt_ip ip;
 	char *table_name, *chain, *new_chain, *match_name, *target_name;
-	char *delete_chain, *flush_chain;
+	char *delete_chain, *flush_chain, *policy;
 	int c, in_len, out_len;
 	gboolean dump, invert, delete, insert, delete_rule;
 	struct in_addr src, dst;
@@ -1395,7 +1425,7 @@ int main(int argc, char *argv[])
 	insert = FALSE;
 	delete_rule = FALSE;
 	table_name = chain = new_chain = match_name = target_name = NULL;
-	delete_chain = flush_chain = NULL;
+	delete_chain = flush_chain = policy = NULL;
 	memset(&ip, 0, sizeof(struct ipt_ip));
 	table = NULL;
 	xt_rm = NULL;
@@ -1405,7 +1435,7 @@ int main(int argc, char *argv[])
 	/* extension's options will generate false-positives errors */
 	opterr = 0;
 
-	while ((c = getopt_long(argc, argv, "-A:D:F:I:L::N:X:d:i:j:m:o:s:t:",
+	while ((c = getopt_long(argc, argv, "-A:D:F:I:L::N:P:X:d:i:j:m:o:s:t:",
 				connman_iptables_globals.opts, NULL)) != -1) {
 		switch (c) {
 		case 'A':
@@ -1446,6 +1476,15 @@ int main(int argc, char *argv[])
 			new_chain = optarg;
 			break;
 
+		case 'P':
+			chain = optarg;
+			if (optind < argc)
+				policy = argv[optind++];
+			else
+				goto out;
+
+			break;
+
 		case 'X':
 			delete = true;
 			delete_chain = optarg;
@@ -1626,6 +1665,14 @@ int main(int argc, char *argv[])
 	}
 
 	if (chain) {
+		if (policy != NULL) {
+			printf("Changing policy of %s to %s\n", chain, policy);
+
+			connman_iptables_change_policy(table, chain, policy);
+
+			goto commit;
+		}
+
 		if (delete_rule == TRUE) {
 			printf("Deleting %s to %s (match %s)\n", target_name,
 					chain, match_name);
-- 
2.7.4