On Thu, 2013-10-24 at 07:29 -0400, Tysen Moore wrote:
> I have a case where the init_firewall() is failing.  After some digging
> I've found that iptables_replace() is failing.  My assumption here is that
> iptables_replace() is returning the wrong error code, it should be
> returning errno.  My assumption is based on the caller
> __connman_firewall_enable() reporting the error using strerror(-err) which
> with the current code will always be 1; therefore I assume errno was the
> expected result.  While there I made the same change to
> iptables_get_entries() even though the only caller currently does not use
> the return code for error reporting.
> 
> diff --git a/src/iptables.c b/src/iptables.c
> index 49434be..3d286b7 100644
> --- a/src/iptables.c
> +++ b/src/iptables.c
> @@ -1380,18 +1380,27 @@ static void dump_ipt_replace(struct ipt_replace
> *repl)
>  static int iptables_get_entries(struct connman_iptables *table)
>  {
>         socklen_t entry_size;
> +       int err;
> 
>         entry_size = sizeof(struct ipt_get_entries) + table->info->size;
> 
> -       return getsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_GET_ENTRIES,
> -                               table->blob_entries, &entry_size);
> +       err = getsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_GET_ENTRIES,
> +                     table->blob_entries, &entry_size);
> +       if (err < 0)
> +               return -errno;
> +
> +       return 0;
>  }
> 
>  static int iptables_replace(struct connman_iptables *table,
>                                         struct ipt_replace *r)
>  {
> -       return setsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_SET_REPLACE,
> r,
> -                        sizeof(*r) + r->size);
> +       int err = setsockopt(table->ipt_sock, IPPROTO_IP,
> IPT_SO_SET_REPLACE, r,
> +                         sizeof(*r) + r->size);
> +       if (err < 0)
> +               return -errno;
> +
> +       return 0;
>  }
> 
>  static int add_entry(struct ipt_entry *entry, int builtin, unsigned int
> hook,
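Review bot: The hunk is line-wrapped in several places (`*repl)` split off the `@@` header, the `r,` argument split onto its own line in both the removed and the added setsockopt() call in iptables_replace(), and `hook,` in the trailing context), so it cannot apply as sent; resend it unwrapped, for example with git send-email or as an attachment. On the code itself, reading errno directly after the failing getsockopt()/setsockopt() call with nothing in between is correct, and returning `-errno` matches the `strerror(-err)` reporting described in the message. The two functions could declare `err` the same way for consistency: iptables_get_entries() uses a separate `int err;` while iptables_replace() initialises it in the declaration.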

fatal: corrupt patch at line 6
Patch failed at 0001 iptables: iptables_replace returns the wrong error
code


Cheers,

        Patrik

_______________________________________________
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman
