This commit fixes protocol use with iptables management. Protocol type is
changed to uint16_t, which is the type xtables_parse_protocol() returns.
Without this fix, iptables rules that use the -p switch cannot be added, and
setsockopt() in iptables_replace() fails with the error: Invalid argument.
---
src/iptables.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index fd692e9..1101e5c 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1563,6 +1563,7 @@ static struct option iptables_opts[] = {
{.name = "out-interface", .has_arg = 1, .val = 'o'},
{.name = "source", .has_arg = 1, .val = 's'},
{.name = "table", .has_arg = 1, .val = 't'},
+ {.name = "protocol", .has_arg = 1, .val = 'p'},
{NULL},
};
@@ -1772,7 +1773,7 @@ struct parse_context {
struct xtables_target *xt_t;
GList *xt_m;
struct xtables_rule_match *xt_rm;
- int proto;
+ uint16_t proto;
};
static int prepare_getopt_args(const char *str, struct parse_context *ctx)
@@ -1962,7 +1963,7 @@ static int parse_rule_spec(struct connman_iptables *table,
optind = 0;
while ((c = getopt_long(ctx->argc, ctx->argv,
- "-:d:i:o:s:m:j:",
+ "-:d:i:o:s:m:j:p:",
iptables_globals.opts, NULL)) != -1) {
switch (c) {
case 's':
@@ -2026,6 +2027,12 @@ static int parse_rule_spec(struct connman_iptables *table,
break;
case 'p':
ctx->proto = xtables_parse_protocol(optarg);
+
+ /* If protocol was set add it to ipt_ip.
+ * xtables_parse_protocol() returns 0 or UINT16_MAX (-1) on error
+ * */
+ if (ctx->proto > 0 && ctx->proto < UINT16_MAX)
+ ctx->ip->proto = ctx->proto;
break;
case 'j':
/* Target */
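Review bot: In the `case 'p':` branch a protocol string that cannot be parsed is ignored silently: when xtables_parse_protocol() yields UINT16_MAX the new `if` only skips the assignment, `ctx->ip->proto` is left untouched and option parsing continues, so the rule is presumably installed without any protocol restriction. For a firewall rule that is a fail-open outcome, because a typo in `-p` widens the rule instead of rejecting it. Skipping the assignment for 0 is reasonable if 0 stands for "any protocol", but the error value should abort the parse, e.g. `if (ctx->proto == UINT16_MAX) return -EINVAL;` ahead of the assignment, adapted to whatever cleanup path parse_rule_spec() uses. The function's body starts and ends outside this hunk, so its error-handling convention is not visible here. The added comment would also be clearer if it said which of the two values means "no protocol filter" and which signals a parse failure.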
--
2.7.4
Hi Jussi,
On 01/26/2018 05:21 PM, Jussi Laakkonen wrote:
This commit fixes protocol use with iptables management. Protocol
type is
changed to uint16_t, which is the type xtables_parse_protocol() returns.
Without this fix iptables rules with switch -p cannot be added to iptables and
setsockopt() in iptables_replace() will return error: Invalid argument.
Patch applied after
+
+ /* If protocol was set add it to ipt_ip.
+ * xtables_parse_protocol() returns 0 or UINT16_MAX (-1) on error
+ * */
+ if (ctx->proto > 0 && ctx->proto < UINT16_MAX)
+ ctx->ip->proto = ctx->proto;
changing the comment style to
/*
* asdf
*/
Thanks,
Daniel