authorDaniel Wagner <daniel.wagner@bmw-carit.de>2013-02-12 10:19:44 +0100
committerPatrik Flykt <patrik.flykt@linux.intel.com>2013-02-12 12:33:54 +0200
commitf06ac83e93f9012bc94d7b70a3dd04d8fbd2a3a9 (patch)
treedcd26f9a2839f90b40aa853c1260a24eefdd60be
parent142d8fef7d5531653aa8767e7ce32b683b9e128b (diff)
iptables: Flush 'filter' 'mangle' and 'nat' table
The implementation is ugly, but there is not much we can do about it; the iptables API is being just plain stupid here.
-rw-r--r--src/iptables.c61
1 files changed, 60 insertions, 1 deletions
diff --git a/src/iptables.c b/src/iptables.c
index 3e3c6832..d435519f 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -2123,6 +2123,64 @@ static void remove_table(gpointer user_data)
table_cleanup(table);
}
+static int flush_table_cb(struct ipt_entry *entry, int builtin,
+ unsigned int hook, size_t size,
+ unsigned int offset, void *user_data)
+{
+ GSList **chains = user_data;
+ struct xt_entry_target *target;
+ char *name;
+
+ if (offset + entry->next_offset == size)
+ return 0;
+
+ target = ipt_get_target(entry);
+
+ if (!strcmp(target->u.user.name, IPT_ERROR_TARGET))
+ name = g_strdup((const char*)target->data);
+ else if (builtin >= 0)
+ name = g_strdup(hooknames[builtin]);
+ else
+ return 0;
+
+ *chains = g_slist_prepend(*chains, name);
+
+ return 0;
+}
+
+static void flush_table(const char *name)
+{
+ GSList *chains = NULL, *list;
+ struct connman_iptables *table;
+
+ table = pre_load_table(name, NULL);
+ if (table == NULL)
+ return;
+
+ iterate_entries(table->blob_entries->entrytable,
+ table->info->valid_hooks,
+ table->info->hook_entry,
+ table->blob_entries->size,
+ flush_table_cb, &chains);
+
+ for (list = chains; list != NULL; list = list->next) {
+ char *chain = list->data;
+
+ DBG("chain %s", chain);
+ iptables_flush_chain(table, chain);
+ }
+
+ __connman_iptables_commit(name);
+ g_slist_free_full(chains, g_free);
+}
+
+static void flush_all_chains(void)
+{
+ flush_table("filter");
+ flush_table("mangle");
+ flush_table("nat");
+}
+
int __connman_iptables_init(void)
{
DBG("");
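Review bot: flush_table() flushes every chain it finds in the filter, mangle and nat tables — the built-in hooks via hooknames[builtin] and every user-defined chain via the ERROR-target entries collected in flush_table_cb() — with no check that ConnMan installed those rules, so any host firewall configured by the administrator or another tool is silently wiped each time __connman_iptables_init() runs. If that blanket reset is the intended contract it needs saying at flush_all_chains(), e.g. `/* Wipes ALL rules in filter/mangle/nat, including ones not installed by ConnMan; chain policies and empty user chains are left in place */`; if it is not, the callback should skip chains it cannot attribute to ConnMan. Separately, the results of iptables_flush_chain() and __connman_iptables_commit() in flush_table() are dropped, so a failed flush or commit is invisible and __connman_iptables_init() still reports success; if they return a negative error as the rest of this file's API appears to, check them and at least log, e.g. `if (__connman_iptables_commit(name) < 0) DBG("commit of table %s failed", name);`. Whether the table returned by pre_load_table() is owned by a table hash and released via remove_table()/table_cleanup(), or is leaked on this path, is not visible in this hunk and is worth confirming.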
@@ -2135,8 +2193,9 @@ int __connman_iptables_init(void)
xtables_init_all(&iptables_globals, NFPROTO_IPV4);
- return 0;
+ flush_all_chains();
+ return 0;
}
void __connman_iptables_cleanup(void)