From 63994912c07341c62c91fdffe4b372cb06c8b624 Mon Sep 17 00:00:00 2001 From: Daniel Wagner Date: Wed, 6 Mar 2013 16:08:49 +0100 Subject: [PATCH] iptables: Fix is_fallthrough() check A fallthrough rule is one which has the default target name, does not have a verdict and is not a jump rule. is_fallthrough() is called excluslive from the insert path, thus the value of verdict will be 0 for a fallthrough rule. --- src/iptables.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/iptables.c b/src/iptables.c index c5776b1c..fe5214a5 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -301,9 +301,13 @@ static gboolean is_fallthrough(struct connman_iptables_entry *e) struct xt_entry_target *target; target = ipt_get_target(e->entry); - if (!strcmp(target->u.user.name, "")) - return true; + if (!g_strcmp0(target->u.user.name, IPT_STANDARD_TARGET)) { + struct xt_standard_target *t; + t = (struct xt_standard_target *)target; + if (t->verdict == 0) + return true; + } return false; } -- 2.34.1