Hi Daniel,

From: Daniel Wagner <daniel.wag...@bmw-carit.de>

---
  src/iptables.c | 15 ++++++++++++++-
  1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/iptables.c b/src/iptables.c
index 93778fa..66a7d2a 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -275,6 +275,19 @@ static int target_to_verdict(const char *target_name)
        return 0;
  }
+static int target_to_policy(const char *policy_name)
+{
+       int verdict;
+
+       verdict = target_to_verdict(policy_name);
+
+       /* Only ACCEPT or DROP are valid chain policies */
+       if (verdict == (-NF_ACCEPT - 1) || verdict == (-NF_DROP - 1))
+               return verdict;
+
+       return 0;
+}
+
  static gboolean is_builtin_target(const char *target_name)
  {
        if (!strcmp(target_name, LABEL_ACCEPT) ||
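Review bot: In target_to_policy() the policy_name pointer is passed straight to target_to_verdict() with no NULL check. That function's body is outside the hunk, but if it compares names with strcmp() the way is_builtin_target() does below, a NULL policy would crash before the caller's -EINVAL path is reached. A guard at the top, `if (!policy_name) return 0;`, keeps that case on the existing error path. The helper would also benefit from a comment stating its return contract, e.g. `/* Returns the encoded verdict (-NF_x - 1) for ACCEPT or DROP, 0 for any other name */`, since 0 is the sentinel that iptables_change_policy() tests in the second hunk.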
@@ -1060,7 +1073,7 @@ static int iptables_change_policy(struct connman_iptables 
*table,
        struct xt_standard_target *t;
        int verdict;
- verdict = target_to_verdict(policy);
+       verdict = target_to_policy(policy);
        if (verdict == 0)
                return -EINVAL;

There is no need for target_to_policy(); just add the accept/drop check (which is valid) after the verdict == 0 check, and that's it.

Tomasz