From c6031d229acb3694db2660a98428156ebc0b6cde Mon Sep 17 00:00:00 2001
From: Daniel Wagner
Date: Wed, 6 Mar 2013 16:08:55 +0100
Subject: [PATCH] iptables: Fix rule appending
Commit ba052f1f "iptables: Add split out iptables commands" introduced a bug. __connman_iptables_append() should call iptables_append_rule() instead of iptables_insert_rule().
---
 src/iptables.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index 734ebc1..ea2a52b 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -796,7 +796,7 @@ static struct ipt_entry *prepare_rule_inclusion(struct connman_iptables *table,
 return new_entry;
 }
-static int iptables_insert_rule(struct connman_iptables *table,
+static int iptables_append_rule(struct connman_iptables *table,
 struct ipt_ip *ip, const char *chain_name, const char *target_name, struct xtables_target *xt_t,
@@ -804,10 +804,10 @@ static int iptables_insert_rule(struct connman_iptables *table,
 {
 struct ipt_entry *new_entry;
 int builtin = -1, ret;
- GList *chain_head;
+ GList *chain_tail;
- chain_head = find_chain_head(table, chain_name);
- if (chain_head == NULL)
+ chain_tail = find_chain_tail(table, chain_name);
+ if (chain_tail == NULL)
 return -EINVAL;
 new_entry = prepare_rule_inclusion(table, ip, chain_name,
@@ -815,10 +815,7 @@ static int iptables_insert_rule(struct connman_iptables *table,
 if (new_entry == NULL)
 return -EINVAL;
- if (builtin == -1)
- chain_head = chain_head->next;
-
- ret = iptables_add_entry(table, new_entry, chain_head, builtin);
+ ret = iptables_add_entry(table, new_entry, chain_tail->prev, builtin);
 if (ret < 0)
 g_free(new_entry);
@@ -2185,7 +2182,7 @@ int __connman_iptables_append(const char *table_name,
 else
 target_name = ctx->xt_t->name;
- err = iptables_insert_rule(table, ctx->ip, chain,
+ err = iptables_append_rule(table, ctx->ip, chain,
 target_name, ctx->xt_t, ctx->xt_rm);
 out:
 cleanup_parse_context(ctx);
--
2.7.4
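Review bot: `ret = iptables_add_entry(table, new_entry, chain_tail->prev, builtin);` in the third hunk relies on an invariant the code neither states nor checks: that `chain_tail` is the list element after this chain's last entry, so `chain_tail->prev` is the chain's terminating entry (the policy or RETURN rule) and inserting before it appends. If `find_chain_tail()` (not visible here) can ever return the first list element, `chain_tail->prev` is NULL and a NULL `before` presumably means append-at-end of the whole table in `iptables_add_entry()`, which would place the rule after the trailing entry of the blob instead of failing; if a chain could exist without a terminating entry, `->prev` would be the chain head and the rule would land in the preceding chain. A cheap guard and a comment would make the assumption explicit: `if (chain_tail->prev == NULL) return -EINVAL;` before the call, with `/* chain_tail->prev is this chain's last entry (policy/RETURN); inserting before it appends */` above it. The enclosing function's final return is outside the hunk.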