From 63994912c07341c62c91fdffe4b372cb06c8b624 Mon Sep 17 00:00:00 2001
From: Daniel Wagner <daniel.wagner@bmw-carit.de>
Date: Wed, 6 Mar 2013 16:08:49 +0100
Subject: [PATCH] iptables: Fix is_fallthrough() check

A fallthrough rule is one which has the default target name,
does not have a verdict and is not a jump rule.

is_fallthrough() is called excluslive from the insert path,
thus the value of verdict will be 0 for a fallthrough rule.
---
 src/iptables.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/iptables.c b/src/iptables.c
index c5776b1..fe5214a 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -301,9 +301,13 @@ static gboolean is_fallthrough(struct connman_iptables_entry *e)
 	struct xt_entry_target *target;
 
 	target = ipt_get_target(e->entry);
-	if (!strcmp(target->u.user.name, ""))
-		return true;
+	if (!g_strcmp0(target->u.user.name, IPT_STANDARD_TARGET)) {
+		struct xt_standard_target *t;
 
+		t = (struct xt_standard_target *)target;
+		if (t->verdict == 0)
+			return true;
+	}
 	return false;
 }
 
-- 
2.7.4