[PATCH 2/2] iptables-test: Clear target and match flags

Daniel Wagner wagi at monom.org
Fri Nov 30 04:53:17 PST 2012


From: Daniel Wagner <daniel.wagner at bmw-carit.de>

The flags are only valid per rule. If we don't clear them
__connman_iptables_command() can't be called with such a rule set:

iptables -t mangle -A INPUT -j CONNMARK --restore-mark
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

(--restore-mark and --save-mark are exclusive options)

Obviously, for iptables-test this patch doesn't make sense, since
it will be only called once when started, but we like to keep
this tool in sync with src/iptables.c
---
 tools/iptables-test.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tools/iptables-test.c b/tools/iptables-test.c
index cc227e8..98afc3b 100644
--- a/tools/iptables-test.c
+++ b/tools/iptables-test.c
@@ -1536,6 +1536,18 @@ int main(int argc, char *argv[])
 	xt_m = NULL;
 	xt_t = NULL;
 
+	/*
+	 * Clear all flags because the flags are only valid
+	 * for one rule.
+	 */
+	for (xt_m = xtables_matches; xt_m != NULL; xt_m = xt_m->next)
+		xt_m->mflags = 0;
+
+	for (xt_t = xtables_targets; xt_t != NULL; xt_t = xt_t->next) {
+		xt_t->tflags = 0;
+		xt_t->used = 0;
+	}
+
 	/* extension's options will generate false-positives errors */
 	opterr = 0;
 
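Review bot: the two loops reuse xt_m and xt_t as list cursors right after both were set to NULL, so the later code only sees NULL again because each loop runs to the end of its list; if either loop ever gains an early exit, a stale match or target pointer would leak into the option parsing that follows. Dedicated local iterators would keep the "nothing selected yet" state explicit. Separately, the comment talks only about flags, but the target loop also resets xt_t->used = 0 while the match loop clears nothing besides mflags; please extend the comment to say that used is per-rule state as well, and confirm that matches carry no equivalent field that needs the same treatment.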
-- 
1.8.0.rc0



