[PATCH v3 2/9] iptables: Fix is_fallthrough() check

Daniel Wagner Wed, 06 Mar 2013 03:05:41 -0800

From: Daniel Wagner <daniel.wag...@bmw-carit.de>

A fallthrough rule is one which has the default target name,
does not have a verdict and is not a jump rule.


is_fallthrough() is called excluslive from the insert path,
thus the value of verdict will be 0 for a fallthrough rule.
---
 src/iptables.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/iptables.c b/src/iptables.c
index c5776b1..fe5214a 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -301,9 +301,13 @@ static gboolean is_fallthrough(struct 
connman_iptables_entry *e)
        struct xt_entry_target *target;
 
        target = ipt_get_target(e->entry);
-       if (!strcmp(target->u.user.name, ""))
-               return true;
+       if (!g_strcmp0(target->u.user.name, IPT_STANDARD_TARGET)) {
+               struct xt_standard_target *t;
 
+               t = (struct xt_standard_target *)target;
+               if (t->verdict == 0)
+                       return true;
+       }
        return false;
 }
 
-- 
1.8.1.3.566.gaa39828

_______________________________________________
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman

[PATCH v3 2/9] iptables: Fix is_fallthrough() check

Reply via email to