From: Daniel Wagner <daniel.wag...@bmw-carit.de>
---
src/iptables.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 57 insertions(+), 5 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index 5fdf697..ea6c690 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -2347,17 +2347,62 @@ out:
return err;
}
+static int insert_managed_chain(const char *table_name, int index)
+{
+ struct connman_iptables *table;
+ char *rule;
+ int err;
+
+ table = get_table(table_name);
+ if (table == NULL)
+ return -ENOMEM;
+
+ err = iptables_add_chain(table, managed_hooknames[index]);
+ if (err < 0)
+ return err;
+
+ rule = g_strdup_printf("-j %s", managed_hooknames[index]);
+ err = __connman_iptables_append(table_name, hooknames[index], rule);
+ g_free(rule);
+ if (err < 0)
+ iptables_delete_chain(table, managed_hooknames[index]);
+
+ return 0;
+}
+
+static int delete_managed_chain(const char *table_name, int index)
+{
+ struct connman_iptables *table;
+ char *chain, *rule;
+ int err;
+
+ table = get_table(table_name);
+ if (table == NULL)
+ return -ENOMEM;
+
+ rule = g_strdup_printf("-j %s", managed_hooknames[index]);
+ err = __connman_iptables_delete(table_name, hooknames[index], rule);
+ g_free(rule);
+
+ err = iptables_delete_chain(table, managed_hooknames[index]);
+
+ return err;
+}
+
int __connman_iptables_managed_append(const char *table_name,
const char *chain_name,
const char *rule_spec)
{
struct connman_managed_table *mtable = NULL;
GSList *list;
+ const char *chain;
int index, err;
index = chain_to_index(chain_name);
- if (index < 0)
+ if (index < 0) {
+ chain = chain_name;
goto out;
+ }
for (list = managed_tables; list != NULL; list = list->next) {
mtable = list->data;
@@ -2378,12 +2423,17 @@ int __connman_iptables_managed_append(const char
*table_name,
if (mtable->chains[index] == 0) {
DBG("table %s add managed chain for %s",
table_name, chain_name);
+
+ err = insert_managed_chain(table_name, index);
+ if (err < 0)
+ return err;
}
mtable->chains[index]++;
+ chain = managed_hooknames[index];
out:
- return __connman_iptables_append(table_name, chain_name, rule_spec);
+ return __connman_iptables_append(table_name, chain, rule_spec);
}
int __connman_iptables_managed_delete(const char *table_name,
@@ -2392,13 +2442,15 @@ int __connman_iptables_managed_delete(const char
*table_name,
{
struct connman_managed_table *mtable = NULL;
GSList *list;
- int index;
+ int index, err;
index = chain_to_index(chain_name);
if (index < 0)
return __connman_iptables_delete(table_name, chain_name,
rule_spec);
+ err = __connman_iptables_delete(table_name, managed_hooknames[index],
+ rule_spec);
for (list = managed_tables; list != NULL; list = list->next) {
mtable = list->data;
@@ -2415,12 +2467,12 @@ int __connman_iptables_managed_delete(const char
*table_name,
mtable->chains[index]--;
if (mtable->chains[index] > 0)
- return 0;
+ return err;
DBG("table %s remove managed chain for %s",
table_name, chain_name);
- return 0;
+ return delete_managed_chain(table_name, index);
}
static void cleanup_managed_table(gpointer user_data)
--
1.8.1.3.566.gaa39828
_______________________________________________
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman
