From: Daniel Wagner <daniel.wag...@bmw-carit.de>
We need to see a bit more in detail what happens when
CONNMAN_IPTABLES_DEBUG is not set, for example the removing/flushing
during bootup.
Also remove the DBG() from parse_rule_spec() because all callers
already have a DBG(). So not much additional information here.
---
src/iptables.c | 37 +++++++++++++++++++++++++++----------
1 file changed, 27 insertions(+), 10 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index 2d3b054..9880130 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -160,6 +160,7 @@ struct connman_iptables_entry {
};
struct connman_iptables {
+ char *name;
int ipt_sock;
struct ipt_getinfo *info;
@@ -521,6 +522,8 @@ static int iptables_flush_chain(struct connman_iptables
*table,
struct connman_iptables_entry *entry;
int builtin, removed = 0;
+ DBG("table %s chain %s", table->name, name);
+
chain_head = find_chain_head(table, name);
if (chain_head == NULL)
return -EINVAL;
@@ -585,6 +588,8 @@ static int iptables_add_chain(struct connman_iptables
*table,
struct ipt_standard_target *standard;
u_int16_t entry_head_size, entry_return_size;
+ DBG("table %s chain %s", table->name, name);
+
last = g_list_last(table->entries);
/*
@@ -652,6 +657,8 @@ static int iptables_delete_chain(struct connman_iptables
*table,
struct connman_iptables_entry *entry;
GList *chain_head, *chain_tail;
+ DBG("table %s chain %s", table->name, name);
+
chain_head = find_chain_head(table, name);
if (chain_head == NULL)
return -EINVAL;
@@ -806,6 +813,8 @@ static int iptables_insert_rule(struct connman_iptables
*table,
int builtin = -1, ret;
GList *chain_head;
+ DBG("table %s chain %s", table->name, chain_name);
+
chain_head = find_chain_head(table, chain_name);
if (chain_head == NULL)
return -EINVAL;
@@ -996,6 +1005,8 @@ static int iptables_delete_rule(struct connman_iptables
*table,
GList *chain_head, *chain_tail, *list;
int builtin, removed;
+ DBG("table %s chain %s", table->name, chain_name);
+
removed = 0;
chain_head = find_chain_head(table, chain_name);
@@ -1060,6 +1071,8 @@ static int iptables_change_policy(struct connman_iptables
*table,
struct xt_standard_target *t;
int verdict;
+ DBG("table %s chain %s policy %s", table->name, chain_name, policy);
+
verdict = target_to_verdict(policy);
if (verdict == 0)
return -EINVAL;
@@ -1370,6 +1383,7 @@ static void table_cleanup(struct connman_iptables *table)
}
g_list_free(table->entries);
+ g_free(table->name);
g_free(table->info);
g_free(table->blob_entries);
g_free(table);
@@ -1398,10 +1412,6 @@ static struct connman_iptables *iptables_init(const char
*table_name)
g_free(module);
- table = g_hash_table_lookup(table_hash, table_name);
- if (table != NULL)
- return table;
-
table = g_try_new0(struct connman_iptables, 1);
if (table == NULL)
return NULL;
@@ -1448,8 +1458,6 @@ static struct connman_iptables *iptables_init(const char
*table_name)
table->info->underflow, table->blob_entries->size,
add_entry, table);
- g_hash_table_insert(table_hash, g_strdup(table_name), table);
-
if (debug_enabled == TRUE)
dump_table(table);
@@ -1663,7 +1671,18 @@ static struct connman_iptables *pre_load_table(const
char *table_name,
if (table != NULL)
return table;
- return iptables_init(table_name);
+ table = g_hash_table_lookup(table_hash, table_name);
+ if (table != NULL)
+ return table;
+
+ table = iptables_init(table_name);
+ if (table == NULL)
+ return NULL;
+
+ table->name = g_strdup(table_name);
+ g_hash_table_replace(table_hash, table->name, table);
+
+ return table;
}
struct parse_context {
@@ -1841,8 +1860,6 @@ static int parse_rule_spec(struct connman_iptables *table,
connman_bool_t invert = FALSE;
int len, c, err;
- DBG("");
-
ctx->ip = g_try_new0(struct ipt_ip, 1);
if (ctx->ip == NULL)
return -ENOMEM;
@@ -2263,7 +2280,7 @@ int __connman_iptables_init(void)
debug_enabled = TRUE;
table_hash = g_hash_table_new_full(g_str_hash, g_str_equal,
- g_free, remove_table);
+ NULL, remove_table);
xtables_init_all(&iptables_globals, NFPROTO_IPV4);
--
1.8.1.3.566.gaa39828
_______________________________________________
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman
