[PATCH 1/2] iptables: Clear target and match flags

Daniel Wagner wagi at monom.org
Fri Nov 30 04:53:16 PST 2012


From: Daniel Wagner <daniel.wagner at bmw-carit.de>

The flags are only valid per rule. If we don't clear them,
__connman_iptables_command() can't be called with such a rule set:

iptables -t mangle -A INPUT -j CONNMARK --restore-mark
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

(--restore-mark and --save-mark are exclusive options)
---
 src/iptables.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/iptables.c b/src/iptables.c
index 16b665a..0d217b3 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1550,6 +1550,18 @@ static int iptables_command(int argc, char *argv[])
 	/* Default code for options parsing */
 	ret = -EINVAL;
 
+	/*
+	 * Clear all flags because the flags are only valid
+	 * for one rule.
+	 */
+	for (xt_m = xtables_matches; xt_m != NULL; xt_m = xt_m->next)
+		xt_m->mflags = 0;
+
+	for (xt_t = xtables_targets; xt_t != NULL; xt_t = xt_t->next) {
+		xt_t->tflags = 0;
+		xt_t->used = 0;
+	}
+
 	/* extension's options will generate false-positives errors */
 	opterr = 0;
 
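Review bot: the new comment says only that flags are cleared, but the target loop also resets xt_t->used while the match loop touches nothing beyond xt_m->mflags. Please extend the comment (or the commit message) to say why `used` has to be reset for targets and why matches need no equivalent, so the asymmetry does not look like an omission. It would also help to note there that xtables_matches and xtables_targets are process-wide lists, which is why option state from an earlier rule is still visible when iptables_command() is entered for the next one.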
-- 
1.8.0.rc0



