On Thu, 2013-10-24 at 07:29 -0400, Tysen Moore wrote: > I have a case where the init_firewall() is failing. After some digging > I've found that iptables_replace() is failing. My assumption here is that > iptables_replace() is returning the wrong error code, it should be > returning errno. My assumption is based on the caller > __connman_firewall_enable() reporting the error using strerror(-err) which > with the current code will always be 1; therefore I assume errno was the > expected result. While there I made the same change to > iptables_get_entries() even though the only caller currently does not use > the return code for error reporting. > > diff --git a/src/iptables.c b/src/iptables.c > index 49434be..3d286b7 100644 > --- a/src/iptables.c > +++ b/src/iptables.c > @@ -1380,18 +1380,27 @@ static void dump_ipt_replace(struct ipt_replace > *repl) > static int iptables_get_entries(struct connman_iptables *table) > { > socklen_t entry_size; > + int err; > > entry_size = sizeof(struct ipt_get_entries) + table->info->size; > > - return getsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_GET_ENTRIES, > - table->blob_entries, &entry_size); > + err = getsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_GET_ENTRIES, > + table->blob_entries, &entry_size); > + if (err < 0) > + return -errno; > + > + return 0; > } > > static int iptables_replace(struct connman_iptables *table, > struct ipt_replace *r) > { > - return setsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_SET_REPLACE, > r, > - sizeof(*r) + r->size); > + int err = setsockopt(table->ipt_sock, IPPROTO_IP, > IPT_SO_SET_REPLACE, r, > + sizeof(*r) + r->size); > + if (err < 0) > + return -errno; > + > + return 0; > } > > static int add_entry(struct ipt_entry *entry, int builtin, unsigned int > hook,
fatal: corrupt patch at line 6 Patch failed at 0001 iptables: iptables_replace returns the wrong error code Cheers, Patrik _______________________________________________ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman